From ec606a3da0ba3715484f48bdfb1023cefc46f019 Mon Sep 17 00:00:00 2001 From: DefectDojo release bot Date: Mon, 3 Nov 2025 19:14:14 +0000 Subject: [PATCH 01/54] Update versions in application files --- components/package.json | 2 +- docs/content/en/open_source/upgrading/2.53.md | 7 +++++++ dojo/__init__.py | 2 +- helm/defectdojo/Chart.yaml | 20 ++++--------------- helm/defectdojo/README.md | 2 +- 5 files changed, 14 insertions(+), 19 deletions(-) create mode 100644 docs/content/en/open_source/upgrading/2.53.md diff --git a/components/package.json b/components/package.json index bf6b25cf39d..07c351cf814 100644 --- a/components/package.json +++ b/components/package.json @@ -1,6 +1,6 @@ { "name": "defectdojo", - "version": "2.52.0", + "version": "2.53.0-dev", "license" : "BSD-3-Clause", "private": true, "dependencies": { diff --git a/docs/content/en/open_source/upgrading/2.53.md b/docs/content/en/open_source/upgrading/2.53.md new file mode 100644 index 00000000000..7eafce4e660 --- /dev/null +++ b/docs/content/en/open_source/upgrading/2.53.md @@ -0,0 +1,7 @@ +--- +title: 'Upgrading to DefectDojo Version 2.53.x' +toc_hide: true +weight: -20251103 +description: No special instructions. +--- +There are no special instructions for upgrading to 2.53.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.53.0) for the contents of the release. diff --git a/dojo/__init__.py b/dojo/__init__.py index 784b90d2773..75c2142e9d9 100644 --- a/dojo/__init__.py +++ b/dojo/__init__.py @@ -4,6 +4,6 @@ # Django starts so that shared_task will use this app. from .celery import app as celery_app # noqa: F401 -__version__ = "2.52.0" +__version__ = "2.53.0-dev" __url__ = "https://github.com/DefectDojo/django-DefectDojo" __docs__ = "https://documentation.defectdojo.com" diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index 68abf43f6de..f38e5988843 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml 
@@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "2.52.0" +appVersion: "2.53.0-dev" description: A Helm chart for Kubernetes to install DefectDojo name: defectdojo -version: 1.8.0 +version: 1.8.1-dev icon: https://defectdojo.com/hubfs/DefectDojo_favicon.png maintainers: - name: madchap @@ -33,17 +33,5 @@ dependencies: # - kind: security # description: Critical bug annotations: - artifacthub.io/prerelease: "false" - artifacthub.io/changes: | - - kind: changed - description: DRY cloudsql-proxy - - kind: changed - description: Each component allow to specific image + allow digest pinning + allow different tags for Django and Nginx - - kind: added - description: Convert existing comments to descriptors - - kind: added - description: Testing on the oldest officially supported k8s - - kind: added - description: Checker for maximal number of celery beats - - kind: changed - description: Bump DefectDojo to 2.52.0 + artifacthub.io/prerelease: "true" + artifacthub.io/changes: "" diff --git a/helm/defectdojo/README.md b/helm/defectdojo/README.md index 456011dab3e..7fd44828e41 100644 --- a/helm/defectdojo/README.md +++ b/helm/defectdojo/README.md @@ -495,7 +495,7 @@ kubectl delete pvc data-defectdojo-redis-0 data-defectdojo-postgresql-0 # General information about chart values -![Version: 1.8.0](https://img.shields.io/badge/Version-1.8.0-informational?style=flat-square) ![AppVersion: 2.52.0](https://img.shields.io/badge/AppVersion-2.52.0-informational?style=flat-square) +![Version: 1.8.1-dev](https://img.shields.io/badge/Version-1.8.1--dev-informational?style=flat-square) ![AppVersion: 2.53.0-dev](https://img.shields.io/badge/AppVersion-2.53.0--dev-informational?style=flat-square) A Helm chart for Kubernetes to install DefectDojo From 0dc5a5bba893b7942bc17064fc980b5e452602cc Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 3 Nov 2025 14:26:47 -0600 Subject: [PATCH 02/54] chore(deps): update dependency renovatebot/renovate from 41.168.0 to v41.168.6 (.github/workflows/renovate.yaml) (#13584) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 4639ecea596..d7efd937cfc 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -21,4 +21,4 @@ jobs: uses: suzuki-shunsuke/github-action-renovate-config-validator@c22827f47f4f4a5364bdba19e1fe36907ef1318e # v1.1.1 with: strict: "true" - validator_version: 41.168.0 # renovate: datasource=github-releases depName=renovatebot/renovate + validator_version: 41.168.6 # renovate: datasource=github-releases depName=renovatebot/renovate From 22afcfc5d198d77bf2c028e2d26bdd88f2457ea2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 3 Nov 2025 14:28:01 -0600 Subject: [PATCH 03/54] chore(deps): update mccutchen/go-httpbin docker tag from 2.18.3 to v2.19.0 (docker-compose.override.dev.yml) (#13585) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- docker-compose.override.dev.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.override.dev.yml b/docker-compose.override.dev.yml index 65b39e350ec..bc31139a352 100644 --- a/docker-compose.override.dev.yml +++ b/docker-compose.override.dev.yml @@ -60,4 +60,4 @@ services: protocol: tcp mode: host "webhook.endpoint": - image: mccutchen/go-httpbin:2.18.3@sha256:3992f3763e9ce5a4307eae0a869a78b4df3931dc8feba74ab823dd2444af6a6b + image: mccutchen/go-httpbin:2.19.0@sha256:be41c6c3772393c097e15f9f8ac381de4ce9e9841c545556af98fbe2e707c619 
From 99b95673b2f25aea95fb1b8b845acc7ecc57026b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 3 Nov 2025 17:38:15 -0600 Subject: [PATCH 04/54] chore(deps): update dependency renovatebot/renovate from 41.168.6 to v41.169.2 (.github/workflows/renovate.yaml) (#13594) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index d7efd937cfc..4c35e01758d 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -21,4 +21,4 @@ jobs: uses: suzuki-shunsuke/github-action-renovate-config-validator@c22827f47f4f4a5364bdba19e1fe36907ef1318e # v1.1.1 with: strict: "true" - validator_version: 41.168.6 # renovate: datasource=github-releases depName=renovatebot/renovate + validator_version: 41.169.2 # renovate: datasource=github-releases depName=renovatebot/renovate From 9007e4db68fdf5e74c4dc2e5d4e8ce52a7e0835a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Nov 2025 08:56:09 -0700 Subject: [PATCH 05/54] chore(deps): bump drf-spectacular from 0.28.0 to 0.29.0 (#13600) Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.28.0 to 0.29.0. - [Release notes](https://github.com/tfranzel/drf-spectacular/releases) - [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst) - [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.28.0...0.29.0) --- updated-dependencies: - dependency-name: drf-spectacular dependency-version: 0.29.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/requirements.txt b/requirements.txt index 82bc08c4176..05c3bac79b2 100644 --- a/requirements.txt +++ b/requirements.txt @@ -56,7 +56,7 @@ cvss==3.6 django-fieldsignals==0.7.0 hyperlink==21.0.0 djangosaml2==1.11.1 -drf-spectacular==0.28.0 +drf-spectacular==0.29.0 drf-spectacular-sidecar==2025.10.1 django-ratelimit==4.1.0 argon2-cffi==25.1.0 From 87a46aeb8b8bdcc02c02f168c7c666bc476f6144 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Nov 2025 08:56:35 -0700 Subject: [PATCH 06/54] chore(deps): bump openapitools/openapi-generator-cli (#13599) Bumps openapitools/openapi-generator-cli from v7.16.0 to v7.17.0. --- updated-dependencies: - dependency-name: openapitools/openapi-generator-cli dependency-version: v7.17.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile.integration-tests-debian | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile.integration-tests-debian b/Dockerfile.integration-tests-debian index 06cf3b7c435..2041a086c72 100644 --- a/Dockerfile.integration-tests-debian +++ b/Dockerfile.integration-tests-debian @@ -1,7 +1,7 @@ # code: language=Dockerfile -FROM openapitools/openapi-generator-cli:v7.16.0@sha256:e56372add5e038753fb91aa1bbb470724ef58382fdfc35082bf1b3e079ce353c AS openapitools +FROM openapitools/openapi-generator-cli:v7.17.0@sha256:868b97eb4e5080d2cdfd5b3eeaa4d52e4bbb7c56f14e234b08b0b0bc4f38a78f AS openapitools # currently only supports x64, no arm yet due to chrome and selenium dependencies FROM python:3.13.7-slim-trixie@sha256:5f55cdf0c5d9dc1a415637a5ccc4a9e18663ad203673173b8cda8f8dcacef689 AS build WORKDIR /app From 503399f011e57a33c68135670301b9d696ef49a9 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Nov 2025 08:56:54 -0700 Subject: [PATCH 07/54] chore(deps): bump nginx from 1.29.2-alpine3.22 to 1.29.3-alpine3.22 (#13598) Bumps nginx from 1.29.2-alpine3.22 to 1.29.3-alpine3.22. --- updated-dependencies: - dependency-name: nginx dependency-version: 1.29.3-alpine3.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile.nginx-alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile.nginx-alpine b/Dockerfile.nginx-alpine index 7c608d08444..aa867828a2f 100644 --- a/Dockerfile.nginx-alpine +++ b/Dockerfile.nginx-alpine @@ -63,7 +63,7 @@ COPY dojo/ ./dojo/ # always collect static for debug toolbar as we can't make it dependant on env variables or build arguments without breaking docker layer caching RUN env DD_SECRET_KEY='.' DD_DJANGO_DEBUG_TOOLBAR_ENABLED=True python3 manage.py collectstatic --noinput --verbosity=2 && true -FROM nginx:1.29.2-alpine3.22@sha256:61e01287e546aac28a3f56839c136b31f590273f3b41187a36f46f6a03bbfe22 +FROM nginx:1.29.3-alpine3.22@sha256:b3c656d55d7ad751196f21b7fd2e8d4da9cb430e32f646adcf92441b72f82b14 ARG uid=1001 ARG appuser=defectdojo COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/ From d049730d2211a8c1946546e7fea29fe7e1429d0e Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Nov 2025 11:44:14 -0600 Subject: [PATCH 08/54] chore(deps): bump markdown from 3.9 to 3.10 (#13609) Bumps [markdown](https://github.com/Python-Markdown/markdown) from 3.9 to 3.10. - [Release notes](https://github.com/Python-Markdown/markdown/releases) - [Changelog](https://github.com/Python-Markdown/markdown/blob/master/docs/changelog.md) - [Commits](https://github.com/Python-Markdown/markdown/compare/3.9.0...3.10.0) --- updated-dependencies: - dependency-name: markdown dependency-version: '3.10' dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 05c3bac79b2..5d9cf18ce94 100644 --- a/requirements.txt +++ b/requirements.txt @@ -26,7 +26,7 @@ humanize==4.14.0 jira==3.10.5 PyGithub==2.8.1 lxml==6.0.2 -Markdown==3.9 +Markdown==3.10 openpyxl==3.1.5 Pillow==12.0.0 # required by django-imagekit psycopg[c]==3.2.12 From 0b705d668034a5e047370fad1cf23fb6e3831724 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Nov 2025 11:45:50 -0600 Subject: [PATCH 09/54] chore(deps): bump boto3 from 1.40.63 to 1.40.65 (#13610) Bumps [boto3](https://github.com/boto/boto3) from 1.40.63 to 1.40.65. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.40.63...1.40.65) --- updated-dependencies: - dependency-name: boto3 dependency-version: 1.40.65 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/requirements.txt b/requirements.txt index 5d9cf18ce94..f185011d5c0 100644 --- a/requirements.txt +++ b/requirements.txt @@ -62,7 +62,7 @@ django-ratelimit==4.1.0 argon2-cffi==25.1.0 blackduck==1.1.3 pycurl==7.45.7 # Required for Celery Broker AWS (SQS) support -boto3==1.40.63 # Required for Celery Broker AWS (SQS) support +boto3==1.40.65 # Required for Celery Broker AWS (SQS) support netaddr==1.3.0 vulners==3.1.1 fontawesomefree==6.6.0 From 71ae67d9202ac711f7de84db919679ff8ea988a5 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 4 Nov 2025 11:46:30 -0600 Subject: [PATCH 10/54] chore(deps): update dependency renovatebot/renovate from 41.169.2 to v41.169.4 (.github/workflows/renovate.yaml) (#13607) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 4c35e01758d..5d867c02a0c 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -21,4 +21,4 @@ jobs: uses: suzuki-shunsuke/github-action-renovate-config-validator@c22827f47f4f4a5364bdba19e1fe36907ef1318e # v1.1.1 with: strict: "true" - validator_version: 41.169.2 # renovate: datasource=github-releases depName=renovatebot/renovate + validator_version: 41.169.4 # renovate: datasource=github-releases depName=renovatebot/renovate From b2036f011df4dabdef1dc2fdccd7b5c1f5894c96 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 4 Nov 2025 11:48:17 -0600 Subject: [PATCH 11/54] chore(deps): update dependency kubernetes/kubernetes from v1.34.0 to v1.34.1 (.github/workflows/k8s-tests.yml) (#13603) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/k8s-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/k8s-tests.yml b/.github/workflows/k8s-tests.yml index 237c27e4dc5..30dc7ab5cff 100644 --- a/.github/workflows/k8s-tests.yml +++ b/.github/workflows/k8s-tests.yml @@ -16,7 +16,7 @@ jobs: # databases, broker and k8s are independent, so we don't need to test each combination # lastest k8s version (https://kubernetes.io/releases/) and the oldest officially supported version # are tested (https://kubernetes.io/releases/) - - k8s: 'v1.34.0' # renovate: datasource=github-releases depName=kubernetes/kubernetes versioning=loose + - k8s: 'v1.34.1' # renovate: datasource=github-releases depName=kubernetes/kubernetes versioning=loose os: debian - k8s: 'v1.31.13' # Do not track with renovate as we likely want to rev this manually os: debian From 3c28fb5c47df35f0bcfb0bf4c0e53972c279c164 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 4 Nov 2025 11:50:26 -0600 Subject: [PATCH 12/54] chore(deps): update dependency vite from 7.1.11 to v7.1.12 (docs/package.json) (#13604) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- docs/package-lock.json | 8 ++++---- docs/package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/package-lock.json b/docs/package-lock.json index 26c62b5a377..00e6c52a650 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json @@ -20,7 +20,7 @@ }, "devDependencies": { "prettier": "3.6.2", - "vite": "7.1.11" + "vite": "7.1.12" }, "engines": { "node": ">=20.11.0" 
@@ -4558,9 +4558,9 @@ "license": "MIT" }, "node_modules/vite": { - "version": "7.1.11", - "resolved": "https://registry.npmjs.org/vite/-/vite-7.1.11.tgz", - "integrity": "sha512-uzcxnSDVjAopEUjljkWh8EIrg6tlzrjFUfMcR1EVsRDGwf/ccef0qQPRyOrROwhrTDaApueq+ja+KLPlzR/zdg==", + "version": "7.1.12", + "resolved": "https://registry.npmjs.org/vite/-/vite-7.1.12.tgz", + "integrity": "sha512-ZWyE8YXEXqJrrSLvYgrRP7p62OziLW7xI5HYGWFzOvupfAlrLvURSzv/FyGyy0eidogEM3ujU+kUG1zuHgb6Ug==", "dev": true, "license": "MIT", "dependencies": { diff --git a/docs/package.json b/docs/package.json index 69785ab15ee..e4c4cda9aa6 100644 --- a/docs/package.json +++ b/docs/package.json @@ -27,7 +27,7 @@ }, "devDependencies": { "prettier": "3.6.2", - "vite": "7.1.11" + "vite": "7.1.12" }, "engines": { "node": ">=20.11.0" From 723d6ee58d70292710bdc33c2a392178e5276989 Mon Sep 17 00:00:00 2001 From: manuelsommer <47991713+manuel-sommer@users.noreply.github.com> Date: Tue, 4 Nov 2025 19:07:14 +0100 Subject: [PATCH 13/54] :tada: implement n0s1 scanner #13564 (#13580) * implement n0s1 scanner #13564 * update * ruff * update * update * update * underline the correctness through comparison with rustyhog --- .../parsers/file/n0s1.md | 18 + dojo/settings/settings.dist.py | 1 + dojo/tools/n0s1/__init__.py | 0 dojo/tools/n0s1/parser.py | 86 ++ unittests/scans/n0s1/many_findings.json | 1375 +++++++++++++++++ unittests/tools/test_n0s1_parser.py | 31 + unittests/tools/test_rusty_hog_parser.py | 10 + 7 files changed, 1521 insertions(+) create mode 100644 docs/content/en/connecting_your_tools/parsers/file/n0s1.md create mode 100644 dojo/tools/n0s1/__init__.py create mode 100644 dojo/tools/n0s1/parser.py create mode 100644 unittests/scans/n0s1/many_findings.json create mode 100644 unittests/tools/test_n0s1_parser.py diff --git a/docs/content/en/connecting_your_tools/parsers/file/n0s1.md b/docs/content/en/connecting_your_tools/parsers/file/n0s1.md new file mode 100644 index 00000000000..c310a20a505 --- /dev/null 
+++ b/docs/content/en/connecting_your_tools/parsers/file/n0s1.md @@ -0,0 +1,18 @@ +--- +title: "n0s1 Scanner" +toc_hide: true +--- + +### File Types +Parser n0s1 expects a JSON file of scanner n0s1. + +### Sample Scan Data +Sample n0s1 scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/n0s1). + +### Link To Tool +See n0s1 on GitHub: https://github.com/spark1security/n0s1 + +### Default Deduplication Hashcode Fields +By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/): + +- description diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py index 97fdd706ea4..a8ef11f257a 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings.dist.py @@ -1397,6 +1397,7 @@ def saml2_attrib_map_format(din): "Cycognito Scan": ["title", "severity"], "OpenVAS Parser v2": ["title", "severity", "vuln_id_from_tool", "endpoints"], "Snyk Issue API Scan": ["vuln_id_from_tool", "file_path"], + "n0s1 Scanner": ["description"], } # Override the hardcoded settings here via the env var diff --git a/dojo/tools/n0s1/__init__.py b/dojo/tools/n0s1/__init__.py new file mode 100644 index 00000000000..e69de29bb2d diff --git a/dojo/tools/n0s1/parser.py b/dojo/tools/n0s1/parser.py new file mode 100644 index 00000000000..bbfc60422e2 --- /dev/null +++ b/dojo/tools/n0s1/parser.py 
@@ -0,0 +1,86 @@
+
+import json
+
+from dojo.models import Finding
+from dojo.tools.parser_test import ParserTest
+
+
+class N0s1Parser:
+ def get_scan_types(self):
+ return ["n0s1 Scanner"]
+
+ def get_label_for_scan_types(self, scan_type):
+ return scan_type
+
+ def get_description_for_scan_types(self, scan_type):
+ return "JSON output from the n0s1 scanner."
+
+ def get_tests(self, scan_type, handle):
+ data = json.load(handle)
+ subscanner = self.detect_subscanner(data)
+ test = ParserTest(
+ name=subscanner,
+ parser_type=subscanner,
+ version=data.get("tool", {}).get("version", ""),
+ description=f"Scan from {subscanner}",
+ )
+ test.findings = self.get_findings_from_data(data)
+ return [test]
+
+ def get_findings(self, scan_file, test):
+ data = json.load(scan_file)
+ return self.get_findings_from_data(data)
+
+ def detect_subscanner(self, data):
+ platforms = {f.get("details", {}).get("platform", "") for f in data.get("findings", {}).values()}
+ if "Confluence" in platforms:
+ return "n0s1 Confluence"
+ if "GitHub" in platforms:
+ return "n0s1 GitHub"
+ if "GitLab" in platforms:
+ return "n0s1 GitLab"
+ return "n0s1"
+
+ def get_findings_from_data(self, data):
+ dupes = {}
+ regex_configs = {}
+ if "regex_config" in data and "rules" in data["regex_config"]:
+ for rule in data["regex_config"]["rules"]:
+ regex_configs[rule["id"]] = rule
+ for finding_id, finding_data in data.get("findings", {}).items():
+ details = finding_data.get("details", {})
+ regex_ref = details.get("matched_regex_config", {})
+ regex_id = regex_ref.get("id")
+ regex_info = regex_configs.get(regex_id, {})
+ merged_regex = {
+ "id": regex_id,
+ "description": regex_ref.get("description", regex_info.get("description", "N/A")),
+ "regex": regex_ref.get("regex", regex_info.get("regex", "N/A")),
+ "keywords": regex_info.get("keywords", []),
+ "tags": regex_info.get("tags", []),
+ }
+ title = merged_regex["id"] or "n0s1 Finding"
+ description = f"**URL:** {finding_data.get('url', 'N/A')}\n"
+ description += f"**Secret:** {finding_data.get('secret', 'N/A')}\n"
+ description += f"**Platform:** {details.get('platform', 'N/A')}\n"
+ description += f"**Ticket Field:** {details.get('ticket_field', 'N/A')}\n"
+ description += f"**Regex ID:** {merged_regex['id']}\n"
+ description += f"**Regex Description:** {merged_regex['description']}\n"
+ description += f"**Regex Pattern:** {merged_regex['regex']}\n"
+ if merged_regex["keywords"]:
+ description += f"**Keywords:** {', '.join(merged_regex['keywords'])}\n"
+ if merged_regex["tags"]:
+ description += f"**Tags:** {', '.join(merged_regex['tags'])}\n"
+ dupe_key = finding_data.get("id", finding_id)
+ if dupe_key in dupes:
+ continue
+ finding = Finding(
+ title=title,
+ description=description,
+ severity="High",
+ dynamic_finding=True,
+ static_finding=False,
+ unique_id_from_tool=dupe_key,
+ )
+ dupes[dupe_key] = finding
+ return list(dupes.values())
diff --git a/unittests/scans/n0s1/many_findings.json b/unittests/scans/n0s1/many_findings.json
new file mode 100644
index 00000000000..839975ac3a3
--- /dev/null
+++ b/unittests/scans/n0s1/many_findings.json
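Review bot: The `**Secret:**` line in `get_findings_from_data` copies the full matched credential from the report into the finding description, so every secret n0s1 detects is stored in cleartext in DefectDojo and presumably travels wherever descriptions are shown or exported; the settings hunk in this commit also makes `description` the only hashcode field for "n0s1 Scanner", so the dedupe hash is computed over that same text. I would store a masked value instead, e.g. `secret = finding_data.get("secret") or ""` followed by `description += f"**Secret:** {secret[:4]}*** ({len(secret)} chars)\n"`, and rely on `unique_id_from_tool`, which the parser already sets, to tell findings apart. Separately, `details.get("matched_regex_config", {})` still returns `None` when the key is present but null, and the `.get("id")` on the next line would then raise; `regex_ref = details.get("matched_regex_config") or {}` avoids that. Severity is hard-coded to `"High"` for every rule, which deserves a short comment explaining the choice.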
@@ -0,0 +1,1375 @@ +{ + "tool": { + "name": "n0s1", + "version": "1.0.30", + "author": "Spark 1 Security", + "scan_arguments": { + "scan_comment": true, + "post_comment": false, + "secret_manager": "a secret manager tool", + "contact_help": "contact@spark1.us", + "label": "n0s1bot_auto_comment_e869dd5fa15ca0749a350aac758c7f56f56ad9be1", + "report_format": "json", + "debug": false, + "show_matched_secret_on_logs": false, + "scan_target": "confluence_scan", + "timeout": null, + "limit": null, + "scan_scope": "" + } + }, + "scan_date": { + "timestamp": 1761751223.023414, + "date_utc": "2025-10-29T15:20:23" + }, + "regex_config": { + "title": "n0s1 config 20231115 v002", + "rules": [ + { + "id": "gitlab_personal_access_token", + "description": "GitLab Personal Access Token", + "regex": "\\bglpat-[0-9a-zA-Z_\\-]{20}\\b", + "tags": [ + "gitlab", + "revocation_type" + ], + "keywords": [ + "glpat" + ] + }, + { + "id": "gitlab_pipeline_trigger_token", + "description": "GitLab Pipeline Trigger Token", + "regex": "\\bglptt-[0-9a-zA-Z_\\-]{20}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "glptt" + ] + }, + { + "id": "gitlab_runner_registration_token", + "description": "GitLab Runner Registration Token", + "regex": "\\bGR1348941[0-9a-zA-Z_\\-]{20}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "GR1348941" + ] + }, + { + "id": "gitlab_runner_auth_token", + "description": "GitLab Runner Authentication Token", + "regex": "\\bglrt-[0-9a-zA-Z_\\-]{20}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "glrt" + ] + }, + { + "id": "gitlab_feed_token", + "description": "GitLab Feed Token", + "regex": "\\bfeed_token=[0-9a-zA-Z_\\-]{20}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "feed_token" + ] + }, + { + "id": "gitlab_oauth_app_secret", + "description": "GitLab OAuth Application Secrets", + "regex": "\\bgloas-[0-9a-zA-Z_\\-]{64}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "gloas" + ] + }, + { + "id": "gitlab_feed_token_v2", + "description": "GitLab Feed token", 
+ "regex": "\\bglft-[0-9a-zA-Z_\\-]{20}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "glft" + ] + }, + { + "id": "gitlab_kubernetes_agent_token", + "description": "GitLab Agent for Kubernetes token", + "regex": "\\bglagent-[0-9a-zA-Z_\\-]{50}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "glagent" + ] + }, + { + "id": "gitlab_incoming_email_token", + "description": "GitLab Incoming email token", + "regex": "\\bglimt-[0-9a-zA-Z_\\-]{25}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "glimt" + ] + }, + { + "id": "AWS", + "description": "AWS Access Token", + "regex": "\\bAKIA[0-9A-Z]{16}\\b", + "tags": [ + "aws", + "revocation_type" + ], + "keywords": [ + "AKIA" + ] + }, + { + "id": "PKCS8 private key", + "description": "PKCS8 private key", + "regex": "-----BEGIN PRIVATE KEY-----", + "keywords": [ + "-----BEGIN PRIVATE KEY-----" + ] + }, + { + "id": "RSA private key", + "description": "RSA private key", + "regex": "-----BEGIN RSA PRIVATE KEY-----", + "keywords": [ + "-----BEGIN RSA PRIVATE KEY-----" + ] + }, + { + "id": "SSH private key", + "description": "SSH private key", + "regex": "-----BEGIN OPENSSH PRIVATE KEY-----", + "keywords": [ + "-----BEGIN OPENSSH PRIVATE KEY-----" + ] + }, + { + "id": "PGP private key", + "description": "PGP private key", + "regex": "-----BEGIN PGP PRIVATE KEY BLOCK-----", + "keywords": [ + "-----BEGIN PGP PRIVATE KEY BLOCK-----" + ] + }, + { + "description": "systemd machine-id", + "id": "systemd-machine-id", + "path": "^machine-id$", + "regex": "^[0-9a-f]{32}\\n$", + "entropy": 3.5 + }, + { + "id": "Github Personal Access Token", + "description": "Github Personal Access Token", + "regex": "ghp_[0-9a-zA-Z]{36}", + "keywords": [ + "ghp_" + ] + }, + { + "id": "Github OAuth Access Token", + "description": "Github OAuth Access Token", + "regex": "gho_[0-9a-zA-Z]{36}", + "keywords": [ + "gho_" + ] + }, + { + "id": "SSH (DSA) private key", + "description": "SSH (DSA) private key", + "regex": "-----BEGIN DSA PRIVATE KEY-----", + 
"keywords": [ + "-----BEGIN DSA PRIVATE KEY-----" + ] + }, + { + "id": "SSH (EC) private key", + "description": "SSH (EC) private key", + "regex": "-----BEGIN EC PRIVATE KEY-----", + "keywords": [ + "-----BEGIN EC PRIVATE KEY-----" + ] + }, + { + "id": "Github App Token", + "description": "Github App Token", + "regex": "(ghu|ghs)_[0-9a-zA-Z]{36}", + "keywords": [ + "ghu_", + "ghs_" + ] + }, + { + "id": "Github Refresh Token", + "description": "Github Refresh Token", + "regex": "ghr_[0-9a-zA-Z]{76}", + "keywords": [ + "ghr_" + ] + }, + { + "id": "Shopify shared secret", + "description": "Shopify shared secret", + "regex": "shpss_[a-fA-F0-9]{32}", + "keywords": [ + "shpss_" + ] + }, + { + "id": "Shopify access token", + "description": "Shopify access token", + "regex": "shpat_[a-fA-F0-9]{32}", + "keywords": [ + "shpat_" + ] + }, + { + "id": "Shopify custom app access token", + "description": "Shopify custom app access token", + "regex": "shpca_[a-fA-F0-9]{32}", + "keywords": [ + "shpca_" + ] + }, + { + "id": "Shopify private app access token", + "description": "Shopify private app access token", + "regex": "shppa_[a-fA-F0-9]{32}", + "keywords": [ + "shppa_" + ] + }, + { + "id": "Slack token", + "description": "Slack token", + "regex": "xox[baprs]-([0-9a-zA-Z]{10,48})?", + "keywords": [ + "xoxb", + "xoxa", + "xoxp", + "xoxr", + "xoxs" + ] + }, + { + "id": "Stripe", + "description": "Stripe", + "regex": "(?i)(sk|pk)_(test|live)_[0-9a-z]{10,32}", + "keywords": [ + "sk_test", + "pk_test", + "sk_live", + "pk_live" + ] + }, + { + "id": "PyPI upload token", + "description": "PyPI upload token", + "regex": "pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}", + "tags": [ + "pypi", + "revocation_type" + ], + "keywords": [ + "pypi-AgEIcHlwaS5vcmc" + ] + }, + { + "id": "Google (GCP) Service-account", + "description": "Google (GCP) Service-account", + "tags": [ + "gitlab_partner_token", + "revocation_type" + ], + "regex": "\\\"private_key\\\":\\s*\\\"-{5}BEGIN PRIVATE 
KEY-{5}[\\s\\S]*?\",", + "keywords": [ + "service_account" + ] + }, + { + "id": "GCP API key", + "description": "GCP API keys can be misused to gain API quota from billed projects", + "tags": [ + "gitlab_partner_token", + "revocation_type" + ], + "regex": "(?i)\\b(AIza[0-9A-Za-z-_]{35})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "secretGroup": 1, + "keywords": [ + "AIza" + ] + }, + { + "id": "GCP OAuth client secret", + "description": "GCP OAuth client secrets can be misused to spoof your application", + "tags": [ + "gitlab_partner_token", + "revocation_type" + ], + "regex": "GOCSPX-[a-zA-Z0-9_-]{28}", + "keywords": [ + "GOCSPX-" + ] + }, + { + "id": "Password in URL", + "description": "Password in URL", + "regex": "[a-zA-Z]{3,10}:\\/\\/[^$][^:@\\/\\n]{3,20}:[^$][^:@\\n\\/]{3,40}@.{1,100}" + }, + { + "id": "Heroku API Key", + "description": "Heroku API Key", + "regex": "(?i)(?:heroku)(?:[0-9a-z\\-_\\t .]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:=|\\|\\|:|<=|=>|:)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:['|\\\"|\\n|\\r|\\s|\\x60]|$)", + "secretGroup": 1, + "keywords": [ + "heroku" + ] + }, + { + "id": "Slack Webhook", + "description": "Slack Webhook", + "regex": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{24}", + "keywords": [ + "https://hooks.slack.com/services" + ] + }, + { + "id": "Twilio API Key", + "description": "Twilio API Key", + "regex": "SK[0-9a-fA-F]{32}", + "keywords": [ + "SK", + "twilio" + ] + }, + { + "id": "Age secret key", + "description": "Age secret key", + "regex": "AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}", + "keywords": [ + "AGE-SECRET-KEY-1" + ] + }, + { + "id": "Facebook token", + "description": "Facebook token", + "regex": "(?i)(facebook[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "facebook" + ] + }, + { + "id": "Twitter token", + "description": "Twitter token", + 
"regex": "(?i)(twitter[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{35,44})['\\\"]", + "secretGroup": 3, + "keywords": [ + "twitter" + ] + }, + { + "id": "Adobe Client ID (Oauth Web)", + "description": "Adobe Client ID (Oauth Web)", + "regex": "(?i)(adobe[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "adobe" + ] + }, + { + "id": "Adobe Client Secret", + "description": "Adobe Client Secret", + "regex": "(p8e-)(?i)[a-z0-9]{32}", + "keywords": [ + "adobe", + "p8e-," + ] + }, + { + "id": "Alibaba AccessKey ID", + "description": "Alibaba AccessKey ID", + "regex": "(LTAI)(?i)[a-z0-9]{20}", + "keywords": [ + "LTAI" + ] + }, + { + "id": "Alibaba Secret Key", + "description": "Alibaba Secret Key", + "regex": "(?i)(alibaba[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{30})['\\\"]", + "secretGroup": 3, + "keywords": [ + "alibaba" + ] + }, + { + "id": "Asana Client ID", + "description": "Asana Client ID", + "regex": "(?i)(asana[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([0-9]{16})['\\\"]", + "secretGroup": 3, + "keywords": [ + "asana" + ] + }, + { + "id": "Asana Client Secret", + "description": "Asana Client Secret", + "regex": "(?i)(asana[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "asana" + ] + }, + { + "id": "Atlassian API token", + "description": "Atlassian API token", + "regex": "(?i)(atlassian[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{24})['\\\"]", + "secretGroup": 3, + "keywords": [ + "atlassian" + ] + }, + { + "id": "Bitbucket client ID", + "description": "Bitbucket client ID", + "regex": "(?i)(bitbucket[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "bitbucket" + ] + }, + { + "id": "Bitbucket client secret", + "description": "Bitbucket client secret", + "regex": 
"(?i)(bitbucket[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9_\\-]{64})['\\\"]", + "secretGroup": 3, + "keywords": [ + "bitbucket" + ] + }, + { + "id": "Beamer API token", + "description": "Beamer API token", + "regex": "(?i)(beamer[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"](b_[a-z0-9=_\\-]{44})['\\\"]", + "secretGroup": 3, + "keywords": [ + "beamer" + ] + }, + { + "id": "Clojars API token", + "description": "Clojars API token", + "regex": "(CLOJARS_)(?i)[a-z0-9]{60}", + "keywords": [ + "CLOJARS_" + ] + }, + { + "id": "Contentful delivery API token", + "description": "Contentful delivery API token", + "regex": "(?i)(contentful[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9\\-=_]{43})['\\\"]", + "secretGroup": 3, + "keywords": [ + "contentful" + ] + }, + { + "id": "Contentful preview API token", + "description": "Contentful preview API token", + "regex": "(?i)(contentful[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9\\-=_]{43})['\\\"]", + "secretGroup": 3, + "keywords": [ + "contentful" + ] + }, + { + "id": "Databricks API token", + "description": "Databricks API token", + "regex": "dapi[a-h0-9]{32}", + "keywords": [ + "dapi", + "databricks" + ] + }, + { + "description": "DigitalOcean OAuth Access Token", + "id": "digitalocean-access-token", + "regex": "(?i)\\b(doo_v1_[a-f0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "secretGroup": 1, + "keywords": [ + "doo_v1_" + ] + }, + { + "description": "DigitalOcean Personal Access Token", + "id": "digitalocean-pat", + "regex": "(?i)\\b(dop_v1_[a-f0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "secretGroup": 1, + "keywords": [ + "dop_v1_" + ] + }, + { + "description": "DigitalOcean OAuth Refresh Token", + "id": "digitalocean-refresh-token", + "regex": "(?i)\\b(dor_v1_[a-f0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "secretGroup": 1, + "keywords": [ + "dor_v1_" + ] + }, + { + "id": "Discord API key", + "description": "Discord API key", + "regex": 
"(?i)(discord[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-h0-9]{64})['\\\"]", + "secretGroup": 3, + "keywords": [ + "discord" + ] + }, + { + "id": "Discord client ID", + "description": "Discord client ID", + "regex": "(?i)(discord[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([0-9]{18})['\\\"]", + "secretGroup": 3, + "keywords": [ + "discord" + ] + }, + { + "id": "Discord client secret", + "description": "Discord client secret", + "regex": "(?i)(discord[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9=_\\-]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "discord" + ] + }, + { + "id": "Doppler API token", + "description": "Doppler API token", + "regex": "['\\\"](dp\\.pt\\.)(?i)[a-z0-9]{43}['\\\"]", + "keywords": [ + "doppler" + ] + }, + { + "id": "Dropbox API secret/key", + "description": "Dropbox API secret/key", + "regex": "(?i)(dropbox[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{15})['\\\"]", + "keywords": [ + "dropbox" + ] + }, + { + "id": "Dropbox short lived API token", + "description": "Dropbox short lived API token", + "regex": "(?i)(dropbox[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"](sl\\.[a-z0-9\\-=_]{135})['\\\"]", + "keywords": [ + "dropbox" + ] + }, + { + "id": "Dropbox long lived API token", + "description": "Dropbox long lived API token", + "regex": "(?i)(dropbox[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"][a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\\-_=]{43}['\\\"]", + "keywords": [ + "dropbox" + ] + }, + { + "id": "Duffel API token", + "description": "Duffel API token", + "regex": "['\\\"]duffel_(test|live)_(?i)[a-z0-9_-]{43}['\\\"]", + "keywords": [ + "duffel" + ] + }, + { + "id": "Dynatrace API token", + "description": "Dynatrace API token", + "regex": "['\\\"]dt0c01\\.(?i)[a-z0-9]{24}\\.[a-z0-9]{64}['\\\"]", + "keywords": [ + "dt0c01" + ] + }, + { + "id": "EasyPost API token", + "description": "EasyPost API token", + "regex": 
"['\\\"]EZAK(?i)[a-z0-9]{54}['\\\"]", + "keywords": [ + "EZAK" + ] + }, + { + "id": "EasyPost test API token", + "description": "EasyPost test API token", + "regex": "['\\\"]EZTK(?i)[a-z0-9]{54}['\\\"]", + "keywords": [ + "EZTK" + ] + }, + { + "id": "Fastly API token", + "description": "Fastly API token", + "regex": "(?i)(fastly[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9\\-=_]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "fastly" + ] + }, + { + "id": "Finicity client secret", + "description": "Finicity client secret", + "regex": "(?i)(finicity[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{20})['\\\"]", + "secretGroup": 3, + "keywords": [ + "finicity" + ] + }, + { + "id": "Finicity API token", + "description": "Finicity API token", + "regex": "(?i)(finicity[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "finicity" + ] + }, + { + "id": "Flutterwave public key", + "description": "Flutterwave public key", + "regex": "FLWPUBK_TEST-(?i)[a-h0-9]{32}-X", + "keywords": [ + "FLWPUBK_TEST" + ] + }, + { + "id": "Flutterwave secret key", + "description": "Flutterwave secret key", + "regex": "FLWSECK_TEST-(?i)[a-h0-9]{32}-X", + "keywords": [ + "FLWSECK_TEST" + ] + }, + { + "id": "Flutterwave encrypted key", + "description": "Flutterwave encrypted key", + "regex": "FLWSECK_TEST[a-h0-9]{12}", + "keywords": [ + "FLWSECK_TEST" + ] + }, + { + "id": "Frame.io API token", + "description": "Frame.io API token", + "regex": "fio-u-(?i)[a-z0-9-_=]{64}", + "keywords": [ + "fio-u-" + ] + }, + { + "id": "GoCardless API token", + "description": "GoCardless API token", + "regex": "['\\\"]live_(?i)[a-z0-9-_=]{40}['\\\"]", + "keywords": [ + "gocardless" + ] + }, + { + "id": "Grafana API token", + "description": "Grafana API token", + "regex": "['\\\"]eyJrIjoi(?i)[a-z0-9-_=]{72,92}['\\\"]", + "keywords": [ + "grafana" + ] + }, + { + "id": "Hashicorp Terraform user/org API 
token", + "description": "Hashicorp Terraform user/org API token", + "regex": "['\\\"](?i)[a-z0-9]{14}\\.atlasv1\\.[a-z0-9-_=]{60,70}['\\\"]", + "keywords": [ + "atlasv1", + "hashicorp", + "terraform" + ] + }, + { + "id": "Hashicorp Vault batch token", + "description": "Hashicorp Vault batch token", + "regex": "b\\.AAAAAQ[0-9a-zA-Z_-]{156}", + "keywords": [ + "hashicorp", + "AAAAAQ", + "vault" + ] + }, + { + "id": "Hubspot API token", + "description": "Hubspot API token", + "regex": "(?i)(hubspot[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\\\"]", + "secretGroup": 3, + "keywords": [ + "hubspot" + ] + }, + { + "id": "Intercom API token", + "description": "Intercom API token", + "regex": "(?i)(intercom[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9=_]{60})['\\\"]", + "secretGroup": 3, + "keywords": [ + "intercom" + ] + }, + { + "id": "Intercom client secret/ID", + "description": "Intercom client secret/ID", + "regex": "(?i)(intercom[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\\\"]", + "secretGroup": 3, + "keywords": [ + "intercom" + ] + }, + { + "id": "Ionic API token", + "description": "Ionic API token", + "regex": "ion_(?i)[a-z0-9]{42}", + "keywords": [ + "ion_" + ] + }, + { + "id": "Linear API token", + "description": "Linear API token", + "regex": "lin_api_(?i)[a-z0-9]{40}", + "keywords": [ + "lin_api_" + ] + }, + { + "id": "Linear client secret/ID", + "description": "Linear client secret/ID", + "regex": "(?i)(linear[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "linear" + ] + }, + { + "id": "Lob API Key", + "description": "Lob API Key", + "regex": "(?i)(lob[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]((live|test)_[a-f0-9]{35})['\\\"]", + "secretGroup": 3, + "keywords": [ + "lob" + ] + }, + { + "id": 
"Lob Publishable API Key", + "description": "Lob Publishable API Key", + "regex": "(?i)(lob[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]((test|live)_pub_[a-f0-9]{31})['\\\"]", + "secretGroup": 3, + "keywords": [ + "lob" + ] + }, + { + "id": "Mailchimp API key", + "description": "Mailchimp API key", + "regex": "(?i)(mailchimp[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{32}-us20)['\\\"]", + "secretGroup": 3, + "keywords": [ + "mailchimp" + ] + }, + { + "id": "Mailgun private API token", + "description": "Mailgun private API token", + "regex": "(?i)(mailgun[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"](key-[a-f0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "mailgun" + ] + }, + { + "id": "Mailgun public validation key", + "description": "Mailgun public validation key", + "regex": "(?i)(mailgun[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"](pubkey-[a-f0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "mailgun" + ] + }, + { + "id": "Mailgun webhook signing key", + "description": "Mailgun webhook signing key", + "regex": "(?i)(mailgun[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})['\\\"]", + "secretGroup": 3, + "keywords": [ + "mailgun" + ] + }, + { + "id": "Mapbox API token", + "description": "Mapbox API token", + "regex": "(?i)(pk\\.[a-z0-9]{60}\\.[a-z0-9]{22})", + "keywords": [ + "mapbox" + ] + }, + { + "id": "messagebird-api-token", + "description": "MessageBird API token", + "regex": "(?i)(messagebird[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{25})['\\\"]", + "secretGroup": 3, + "keywords": [ + "messagebird" + ] + }, + { + "id": "MessageBird API client ID", + "description": "MessageBird API client ID", + "regex": "(?i)(messagebird[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\\\"]", + "secretGroup": 3, + "keywords": [ + "messagebird" + ] + 
}, + { + "id": "New Relic user API Key", + "description": "New Relic user API Key", + "regex": "['\\\"](NRAK-[A-Z0-9]{27})['\\\"]", + "keywords": [ + "NRAK" + ] + }, + { + "id": "New Relic user API ID", + "description": "New Relic user API ID", + "regex": "(?i)(newrelic[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([A-Z0-9]{64})['\\\"]", + "secretGroup": 3, + "keywords": [ + "newrelic" + ] + }, + { + "id": "New Relic ingest browser API token", + "description": "New Relic ingest browser API token", + "regex": "['\\\"](NRJS-[a-f0-9]{19})['\\\"]", + "keywords": [ + "NRJS" + ] + }, + { + "id": "npm access token", + "description": "npm access token", + "regex": "['\\\"](npm_(?i)[a-z0-9]{36})['\\\"]", + "keywords": [ + "npm_" + ] + }, + { + "id": "Planetscale password", + "description": "Planetscale password", + "regex": "pscale_pw_(?i)[a-z0-9\\-_\\.]{43}", + "keywords": [ + "pscale_pw_" + ] + }, + { + "id": "Planetscale API token", + "description": "Planetscale API token", + "regex": "pscale_tkn_(?i)[a-z0-9\\-_\\.]{43}", + "keywords": [ + "pscale_tkn_" + ] + }, + { + "id": "Postman API token", + "description": "Postman API token", + "regex": "PMAK-(?i)[a-f0-9]{24}\\-[a-f0-9]{34}", + "keywords": [ + "PMAK-" + ] + }, + { + "id": "Pulumi API token", + "description": "Pulumi API token", + "regex": "pul-[a-f0-9]{40}", + "keywords": [ + "pul-" + ] + }, + { + "id": "Rubygem API token", + "description": "Rubygem API token", + "regex": "rubygems_[a-f0-9]{48}", + "keywords": [ + "rubygems_" + ] + }, + { + "id": "Segment Public API token", + "description": "Segment Public API token", + "regex": "sgp_[a-zA-Z0-9]{64}", + "keywords": [ + "sgp_" + ] + }, + { + "id": "Sendgrid API token", + "description": "Sendgrid API token", + "regex": "SG\\.(?i)[a-z0-9_\\-\\.]{66}", + "keywords": [ + "sendgrid" + ] + }, + { + "id": "Sendinblue API token", + "description": "Sendinblue API token", + "regex": "xkeysib-[a-f0-9]{64}\\-(?i)[a-z0-9]{16}", + "keywords": [ + "xkeysib-" + ] + }, 
+ { + "id": "Sendinblue SMTP token", + "description": "Sendinblue SMTP token", + "regex": "xsmtpsib-[a-f0-9]{64}\\-(?i)[a-z0-9]{16}", + "keywords": [ + "xsmtpsib-" + ] + }, + { + "id": "Shippo API token", + "description": "Shippo API token", + "regex": "shippo_(live|test)_[a-f0-9]{40}", + "keywords": [ + "shippo_" + ] + }, + { + "id": "Linkedin Client secret", + "description": "Linkedin Client secret", + "regex": "(?i)(linkedin[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z]{16})['\\\"]", + "secretGroup": 3, + "keywords": [ + "linkedin" + ] + }, + { + "id": "Linkedin Client ID", + "description": "Linkedin Client ID", + "regex": "(?i)(linkedin[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{14})['\\\"]", + "secretGroup": 3, + "keywords": [ + "linkedin" + ] + }, + { + "id": "Twitch API token", + "description": "Twitch API token", + "regex": "(?i)(twitch[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{30})['\\\"]", + "secretGroup": 3, + "keywords": [ + "twitch" + ] + }, + { + "id": "Typeform API token", + "description": "Typeform API token", + "regex": "(?i)(typeform[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}(tfp_[a-z0-9\\-_\\.=]{59})", + "secretGroup": 3, + "keywords": [ + "typeform" + ] + }, + { + "id": "Yandex.Cloud IAM Cookie v1 - 1", + "description": "Yandex.Cloud IAM Cookie v1", + "regex": "\\bc1\\.[A-Z0-9a-z_-]+[=]{0,2}\\.[A-Z0-9a-z_-]{86}[=]{0,2}['|\\\"|\\n|\\r|\\s|\\x60]", + "keywords": [ + "yandex" + ] + }, + { + "id": "Yandex.Cloud IAM Cookie v1 - 2", + "description": "Yandex.Cloud IAM Token v1", + "regex": "\\bt1\\.[A-Z0-9a-z_-]+[=]{0,2}\\.[A-Z0-9a-z_-]{86}[=]{0,2}['|\\\"|\\n|\\r|\\s|\\x60]", + "keywords": [ + "yandex" + ] + }, + { + "id": "Yandex.Cloud IAM Cookie v1 - 3", + "description": "Yandex.Cloud IAM API key v1", + "regex": "\\bAQVN[A-Za-z0-9_\\-]{35,38}['|\\\"|\\n|\\r|\\s|\\x60]", + "keywords": [ + "yandex" + ] + }, + { + "id": "Yandex.Cloud AWS API compatible Access Secret", + 
"description": "Yandex.Cloud AWS API compatible Access Secret", + "regex": "\\bYC[a-zA-Z0-9_\\-]{38}['|\\\"|\\n|\\r|\\s|\\x60]", + "keywords": [ + "yandex" + ] + }, + { + "id": "Meta access token", + "description": "Meta access token", + "regex": "\\bEA[a-zA-Z0-9]{90,400}['|\\\"|\\n|\\r|\\s|\\x60]", + "keywords": [ + "EA" + ] + }, + { + "id": "Oculus access token", + "description": "Oculus access token", + "regex": "\\bOC[a-zA-Z0-9]{90,400}['|\\\"|\\n|\\r|\\s|\\x60]", + "keywords": [ + "OC" + ] + }, + { + "id": "Instagram access token", + "description": "Instagram access token", + "regex": "\\bIG[a-zA-Z0-9]{90,400}['|\\\"|\\n|\\r|\\s|\\x60]", + "keywords": [ + "IG" + ] + }, + { + "id": "CircleCI access tokens", + "description": "CircleCI access tokens", + "regex": "\\bCCI(?:PAT|PRJ)_[a-zA-Z0-9]{22}_[a-f0-9]{40}", + "keywords": [ + "CircleCI" + ] + }, + { + "description": "Open AI API key", + "id": "open ai token", + "regex": "\\bsk-[a-zA-Z0-9]{48}\\b", + "keywords": [ + "sk-" + ] + }, + { + "id": "Tailscale key", + "description": "Tailscale keys", + "regex": "\\btskey-\\w+-\\w+-\\w+\\b", + "keywords": [ + "tskey-" + ] + } + ] + }, + "findings": { + "49757d656e182f9732f85b94d8131b351dc7cddcf4038b338064af51450986f1": { + "id": "49757d656e182f9732f85b94d8131b351dc7cddcf4038b338064af51450986f1", + "url": "https://testing.atlassian.net/wiki/spaces/CS/pages/19968862/007-3.3+Configuration", + "secret": "##\naws.access.keyId=\naws.access.secretKe", + "details": { + "matched_regex_config": { + "id": "AWS", + "description": "AWS Access Token", + "regex": "\\bAKIA[0-9A-Z]{16}\\b", + "tags": [ + "aws", + "revocation_type" + ], + "keywords": [ + "AKIA" + ] + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "05610c1c48395ed79b7b4b4dbce7407a4bfb8bdbb8d3edce785d172ac2a68e18": { + "id": "05610c1c48395ed79b7b4b4dbce7407a4bfb8bdbb8d3edce785d172ac2a68e18", + "url": "https://testing.atlassian.net/wiki/spaces/DAT/pages/25002228/Atlas+DB+Connector", + "secret": 
"ostgres url\n\nurl = \"\nengine = sqlalchemy", + "details": { + "matched_regex_config": { + "id": "Password in URL", + "description": "Password in URL", + "regex": "[a-zA-Z]{3,10}:\\/\\/[^$][^:@\\/\\n]{3,20}:[^$][^:@\\n\\/]{3,40}@.{1,100}" + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "d2e4247f2926ba8fec40a059cca536748af3c2011fce265f0f15e5cfd9bb552b": { + "id": "d2e4247f2926ba8fec40a059cca536748af3c2011fce265f0f15e5cfd9bb552b", + "url": "https://testing.atlassian.net/wiki/spaces/DS/pages/21540885/Safeguard+-+other+DB+engines+for+the+audio+hashes", + "secret": "ONNECTION_STRING = '\nclient = MongoClien", + "details": { + "matched_regex_config": { + "id": "Password in URL", + "description": "Password in URL", + "regex": "[a-zA-Z]{3,10}:\\/\\/[^$][^:@\\/\\n]{3,20}:[^$][^:@\\n\\/]{3,40}@.{1,100}" + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "bf2e6402fd0d051f87682f0fd2c83fc30737c17657f436ba6c8ce2508af6f623": { + "id": "bf2e6402fd0d051f87682f0fd2c83fc30737c17657f436ba6c8ce2508af6f623", + "url": "https://testing.atlassian.net/wiki/spaces/DMP/pages/1288474/SSH+Tunnel+to+Cloud+SQL", + "secret": "hemy.create_engine('\n\tSession = sessionm", + "details": { + "matched_regex_config": { + "id": "Password in URL", + "description": "Password in URL", + "regex": "[a-zA-Z]{3,10}:\\/\\/[^$][^:@\\/\\n]{3,20}:[^$][^:@\\n\\/]{3,40}@.{1,100}" + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "e1343d4d60f2a5eb87ec4472c331c7c2ef7da737b0376bd199067fc4377b5e0c": { + "id": "e1343d4d60f2a5eb87ec4472c331c7c2ef7da737b0376bd199067fc4377b5e0c", + "url": "https://testing.atlassian.net/wiki/spaces/PROBILLER/pages/29948310/Adding+a+new+support+site+BE", + "secret": "olspan=\"1\">>\"\n\t}\n}]]>"
  &", + "details": { + "matched_regex_config": { + "id": "Stripe", + "description": "Stripe", + "regex": "(?i)(sk|pk)_(test|live)_[0-9a-z]{10,32}", + "keywords": [ + "sk_test", + "pk_test", + "sk_live", + "pk_live" + ] + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "8e01b92cb297f9b6041964559ddeed1bcfe61599310dab067f2f09fb7531281b": { + "id": "8e01b92cb297f9b6041964559ddeed1bcfe61599310dab067f2f09fb7531281b", + "url": "https://testing.atlassian.net/wiki/spaces/PROBILLER/pages/30154330/TODO+NOTE+FOR+Request", + "secret": "olspan=\"1\">
o\\nMIIEvgIBADANBgkqhk", + "details": { + "matched_regex_config": { + "id": "PKCS8 private key", + "description": "PKCS8 private key", + "regex": "-----BEGIN PRIVATE KEY-----", + "keywords": [ + "-----BEGIN PRIVATE KEY-----" + ] + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "8c6469ccd4deab89a9f6c6317f84c7deec651210136c3d0462cae45808224e88": { + "id": "8c6469ccd4deab89a9f6c6317f84c7deec651210136c3d0462cae45808224e88", + "url": "https://testing.atlassian.net/wiki/spaces/PROBILLER/pages/30154387/List+of+Google+Experiments", + "secret": "te_key": "\\nMIIEvgIBADANBgkqhk", + "details": { + "matched_regex_config": { + "id": "PKCS8 private key", + "description": "PKCS8 private key", + "regex": "-----BEGIN PRIVATE KEY-----", + "keywords": [ + "-----BEGIN PRIVATE KEY-----" + ] + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "db44576aaaf05a1dd3337c4c55739d1c981346b4745615814f2543575a7e0a4f": { + "id": "db44576aaaf05a1dd3337c4c55739d1c981346b4745615814f2543575a7e0a4f", + "url": "https://testing.atlassian.net/wiki/spaces/INFSEC/pages/43549424/Legal+Workflows", + "secret": "xy_auth = 'otating.proxyrack.ne", + "details": { + "matched_regex_config": { + "id": "Password in URL", + "description": "Password in URL", + "regex": "[a-zA-Z]{3,10}:\\/\\/[^$][^:@\\/\\n]{3,20}:[^$][^:@\\n\\/]{3,40}@.{1,100}" + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "95313351d245a509fdceca3c8c0b7549d078f915c75bfc423cab13c706ba0006": { + "id": "95313351d245a509fdceca3c8c0b7549d078f915c75bfc423cab13c706ba0006", + "url": "https://testing.atlassian.net/wiki/spaces/MGNUT/pages/23112821/Postman", + "secret": "-header 'X-Api-Key: '

2. Base", + "details": { + "matched_regex_config": { + "id": "Postman API token", + "description": "Postman API token", + "regex": "PMAK-(?i)[a-f0-9]{24}\\-[a-f0-9]{34}", + "keywords": [ + "PMAK-" + ] + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "f98f3c10baeb90fed6e138c82b697c99d7c89dbf30958b4ad971da89b8fd13df": { + "id": "f98f3c10baeb90fed6e138c82b697c99d7c89dbf30958b4ad971da89b8fd13df", + "url": "https://testing.atlassian.net/wiki/spaces/mobi/pages/15569913/Useful+commands", + "secret": "[CDATA[curl -IL -x \"\n\nOR\n\ncurl -IL -x vi", + "details": { + "matched_regex_config": { + "id": "Password in URL", + "description": "Password in URL", + "regex": "[a-zA-Z]{3,10}:\\/\\/[^$][^:@\\/\\n]{3,20}:[^$][^:@\\n\\/]{3,40}@.{1,100}" + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "3a07f81938c833cf5ba2af471965a5204343cb2013371a5a897fd9298e37ad65": { + "id": "3a07f81938c833cf5ba2af471965a5204343cb2013371a5a897fd9298e37ad65", + "url": "https://testing.atlassian.net/wiki/spaces/NIC/pages/7604505/Distributions+Environments", + "secret": " \"current_key\": \"\n }\n ],\n", + "details": { + "matched_regex_config": { + "id": "GCP API key", + "description": "GCP API keys can be misused to gain API quota from billed projects", + "tags": [ + "gitlab_partner_token", + "revocation_type" + ], + "regex": "(?i)\\b(AIza[0-9A-Za-z-_]{35})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "secretGroup": 1, + "keywords": [ + "AIza" + ] + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "b9dcabfcbfada43276938c2a20cfc6850f66b03c8dba12ed23e1bb04a57f9e2c": { + "id": "b9dcabfcbfada43276938c2a20cfc6850f66b03c8dba12ed23e1bb04a57f9e2c", + "url": "https://testing.atlassian.net/wiki/spaces/NIC/pages/7663554/Compliance+Operations", + "secret": "56&X-Amz-Credential=%2F20210713%2Fus-eas", + "details": { + "matched_regex_config": { + "id": "AWS", + "description": "AWS Access Token", + "regex": "\\bAKIA[0-9A-Z]{16}\\b", + "tags": [ + 
"aws", + "revocation_type" + ], + "keywords": [ + "AKIA" + ] + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "f052f9155e7489bf779a45ec416e5d23a4c63e26ea5527486290b1ea29cffa65": { + "id": "f052f9155e7489bf779a45ec416e5d23a4c63e26ea5527486290b1ea29cffa65", + "url": "https://testing.atlassian.net/wiki/spaces/paysites/pages/30531725/Cron+Job+List", + "secret": "et -m -r -np -t inf \ncd /home/dbimport/2", + "details": { + "matched_regex_config": { + "id": "Password in URL", + "description": "Password in URL", + "regex": "[a-zA-Z]{3,10}:\\/\\/[^$][^:@\\/\\n]{3,20}:[^$][^:@\\n\\/]{3,40}@.{1,100}" + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "f7d257a57274f1aaa0418ea694fd2b3784b34f8b5d0fb797a9c2f1a1297388ce": { + "id": "f7d257a57274f1aaa0418ea694fd2b3784b34f8b5d0fb797a9c2f1a1297388ce", + "url": "https://testing.atlassian.net/wiki/spaces/PE/pages/41207424/Troubleshooting", + "secret": "e contained within '' and '-----END PRIV", + "details": { + "matched_regex_config": { + "id": "PKCS8 private key", + "description": "PKCS8 private key", + "regex": "-----BEGIN PRIVATE KEY-----", + "keywords": [ + "-----BEGIN PRIVATE KEY-----" + ] + }, + "platform": "Confluence", + "ticket_field": "comments" + } + } + } +} \ No newline at end of file diff --git a/unittests/tools/test_n0s1_parser.py b/unittests/tools/test_n0s1_parser.py new file mode 100644 index 00000000000..5229e61e515 --- /dev/null +++ b/unittests/tools/test_n0s1_parser.py 
@@ -0,0 +1,31 @@
+
+
+from dojo.models import Test, Test_Type
+from dojo.tools.n0s1.parser import N0s1Parser
+from unittests.dojo_test_case import DojoTestCase, get_unit_tests_scans_path
+
+
+class TestN0s1Parser(DojoTestCase):
+
+ def test_n0s1_parser_with_multiple_findings(self):
+ with (get_unit_tests_scans_path("n0s1") / "many_findings.json").open(encoding="utf-8") as testfile:
+ parser = N0s1Parser()
+ test_type = Test_Type(name="n0s1 Scanner")
+ test = Test(test_type=test_type)
+ findings = parser.get_findings(testfile, test)
+ self.assertEqual(17, len(findings))
+ finding = findings[0]
+ self.assertEqual(finding.title, "AWS")
+ self.assertIsNotNone(finding.description)
+ self.assertTrue(finding.dynamic_finding)
+ self.assertEqual(test.test_type.name, "n0s1 Scanner")
+
+ def test_detect_subscanner_returns_correct_type(self):
+ with (get_unit_tests_scans_path("n0s1") / "many_findings.json").open(encoding="utf-8") as testfile:
+ parser = N0s1Parser()
+ tests = parser.get_tests("n0s1 Scanner", testfile)
+ self.assertEqual(1, len(tests))
+ test = tests[0]
+ self.assertEqual("n0s1 Confluence", test.name)
+ self.assertEqual("Scan from n0s1 Confluence", test.description)
+ self.assertEqual(17, len(test.findings))
diff --git a/unittests/tools/test_rusty_hog_parser.py b/unittests/tools/test_rusty_hog_parser.py
index a9fc057f50e..96c5e48a80b 100644
--- a/unittests/tools/test_rusty_hog_parser.py
+++ b/unittests/tools/test_rusty_hog_parser.py
@@ -1,3 +1,4 @@
+from dojo.models import Test, Test_Type
 from dojo.tools.rusty_hog.parser import RustyhogParser
 from unittests.dojo_test_case import DojoTestCase, get_unit_tests_scans_path
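Review bot: The last assertion in `test_n0s1_parser_with_multiple_findings`, `self.assertEqual(test.test_type.name, "n0s1 Scanner")`, only reads back the name the test itself passed to `Test_Type(name="n0s1 Scanner")`, so it passes whatever `N0s1Parser` does. The same pattern is in the later rusty_hog hunk, where `test_parse_file_with_multiple_vuln_test_type` asserts `test.test_type.name` before the parser is constructed and then indexes `tests[0]` without first checking `len(tests)`. For a parser that ingests secret-scanner output, assertions on the parsed findings are worth more, for example replacing that line with `self.assertTrue(all(f.title and f.description for f in findings))`. It would also help to pin explicitly how the fixture's `secret` snippet is expected to appear in the finding; the parser is outside this hunk, so its handling of that field cannot be judged from here. `self.assertEqual(finding.title, "AWS")` on `findings[0]` additionally depends on the order of the fixture's `findings` object, which deserves a short comment such as `# first entry in many_findings.json matches the "AWS" rule`.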
@@ -21,6 +22,15 @@ def test_parse_file_with_multiple_vuln_has_multiple_finding_choctawhog(self): findings = parser.get_findings(testfile, "Choctaw Hog") self.assertEqual(13, len(findings)) + def test_parse_file_with_multiple_vuln_test_type(self): + with (get_unit_tests_scans_path("rusty_hog") / "choctawhog_many_vulns.json").open(encoding="utf-8") as testfile: + test_type = Test_Type(name="Rusty Hog") + test = Test(test_type=test_type) + self.assertEqual("Rusty Hog", test.test_type.name) + parser = RustyhogParser() + tests = parser.get_tests("Rusty Hog", testfile) + self.assertEqual("Rusty Hog", tests[0].name) + def test_parse_file_with_multiple_vuln_has_multiple_finding_choctawhog_content(self): with (get_unit_tests_scans_path("rusty_hog") / "choctawhog_many_vulns.json").open(encoding="utf-8") as testfile: parser = RustyhogParser() From d303fea442e08d626f94376eb501e02f790475df Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 4 Nov 2025 13:09:51 -0600 Subject: [PATCH 14/54] chore(deps): update dependency renovatebot/renovate from 41.169.4 to v41.170.0 (.github/workflows/renovate.yaml) (#13615) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 5d867c02a0c..5fe5dc50e66 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -21,4 +21,4 @@ jobs: uses: suzuki-shunsuke/github-action-renovate-config-validator@c22827f47f4f4a5364bdba19e1fe36907ef1318e # v1.1.1 with: strict: "true" - validator_version: 41.169.4 # renovate: datasource=github-releases depName=renovatebot/renovate + validator_version: 41.170.0 # renovate: datasource=github-releases depName=renovatebot/renovate From 3052ac3113c2b7dd7495db1fb7bdc9c03053f227 Mon Sep 17 00:00:00 2001 
From: manuelsommer <47991713+manuel-sommer@users.noreply.github.com> Date: Wed, 5 Nov 2025 21:32:02 +0100 Subject: [PATCH 15/54] :tada: Advance reimport to update fix_available field #12633 (#12922) * :tada: Advance reimport to update fix_available field #12633 * docs * update * Update using_reimport.md * implement a fixed version * rebase fix * Update dojo/models.py Co-authored-by: valentijnscholten * Update default_reimporter.py * add unittests and grype * update * add unittests * ruff * update * sync migration * rebase * update according to comment * update according to rebase * update * update * Clarify reimport behavior for findings update Reimport will update existing findings 'fix_available' and 'fix_version' fields based on the incoming scan report. * update --------- Co-authored-by: valentijnscholten --- .../import_scan_files/using_reimport.md | 4 + docs/content/en/open_source/upgrading/2.53.md | 3 + ...7_remove_finding_insert_insert_and_more.py | 49 +++ dojo/importers/default_reimporter.py | 7 + dojo/models.py | 5 + dojo/templates/dojo/view_finding.html | 20 ++ dojo/tools/anchore_grype/parser.py | 7 + .../scans/anchore_grype/fix_available.json | 315 ++++++++++++++++++ .../anchore_grype/fix_not_available.json | 313 +++++++++++++++++ unittests/test_import_reimport.py | 26 ++ unittests/tools/test_anchore_grype_parser.py | 16 + 11 files changed, 765 insertions(+) create mode 100644 dojo/db_migrations/0247_remove_finding_insert_insert_and_more.py create mode 100644 unittests/scans/anchore_grype/fix_available.json create mode 100644 unittests/scans/anchore_grype/fix_not_available.json diff --git a/docs/content/en/connecting_your_tools/import_scan_files/using_reimport.md b/docs/content/en/connecting_your_tools/import_scan_files/using_reimport.md index 8645d3ba184..c702099f7bc 100644 --- a/docs/content/en/connecting_your_tools/import_scan_files/using_reimport.md +++ b/docs/content/en/connecting_your_tools/import_scan_files/using_reimport.md 
@@ -32,6 +32,10 @@ Any vulnerabilities which were not contained in the previous import will be adde If any incoming Findings match Findings that already exist, the incoming Findings will be discarded rather than recorded as Duplicates. These Findings have been recorded already \- no need to add a new Finding object. The Test page will show these Findings as **Left Untouched**. +### Fields fix_available and fix_version + +If any incoming Findings match Findings that already exist, the incoming Finding is checked if the fields `fix_available` and `fix_version` differ and are updated if yes. These Findings have been recorded already \- no need to add a new Finding object. The Test page will show these Findings as **Left Untouched**. + ### Close Findings If there are any Findings that already exist in the Test but which are not present in the incoming report, you can choose to automatically set those Findings to Inactive and Mitigated (on the assumption that those vulnerabilities have been resolved since the previous import). The Test page will show these Findings as **Closed**. diff --git a/docs/content/en/open_source/upgrading/2.53.md b/docs/content/en/open_source/upgrading/2.53.md index 7eafce4e660..b1aad525f26 100644 --- a/docs/content/en/open_source/upgrading/2.53.md +++ b/docs/content/en/open_source/upgrading/2.53.md @@ -5,3 +5,6 @@ weight: -20251103 description: No special instructions. --- There are no special instructions for upgrading to 2.53.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.53.0) for the contents of the release. + +## Reimport updates fields fix_available and fix_version +Reimport will update existing findings `fix_available` and `fix_version` fields based on the incoming scan report. diff --git a/dojo/db_migrations/0247_remove_finding_insert_insert_and_more.py b/dojo/db_migrations/0247_remove_finding_insert_insert_and_more.py new file mode 100644 index 00000000000..43bad6c2a7c --- /dev/null 
+++ b/dojo/db_migrations/0247_remove_finding_insert_insert_and_more.py 
@@ -0,0 +1,49 @@ +# Generated by Django 5.1.13 on 2025-11-01 12:54 + +import pgtrigger.compiler +import pgtrigger.migrations +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0246_endpoint_idx_ep_product_lower_host_and_more'), + ] + + operations = [ + pgtrigger.migrations.RemoveTrigger( + model_name='finding', + name='insert_insert', + ), + pgtrigger.migrations.RemoveTrigger( + model_name='finding', + name='update_update', + ), + pgtrigger.migrations.RemoveTrigger( + model_name='finding', + name='delete_delete', + ), + migrations.AddField( + model_name='finding', + name='fix_version', + field=models.CharField(blank=True, help_text='Version of the affected component in which the flaw is fixed.', max_length=100, null=True, verbose_name='Fix version'), + ), + migrations.AddField( + model_name='findingevent', + name='fix_version', + field=models.CharField(blank=True, help_text='Version of the affected component in which the flaw is fixed.', max_length=100, null=True, verbose_name='Fix version'), + ), + pgtrigger.migrations.AddTrigger( + model_name='finding', + trigger=pgtrigger.compiler.Trigger(name='insert_insert', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_findingevent" ("active", "component_name", "component_version", "created", "cve", "cvssv3", "cvssv3_score", "cvssv4", "cvssv4_score", "cwe", "date", "defect_review_requested_by_id", "description", "duplicate", "duplicate_finding_id", "dynamic_finding", "effort_for_fixing", "epss_percentile", "epss_score", "false_p", "file_path", "fix_available", "fix_version", "hash_code", "id", "impact", "is_mitigated", "kev_date", "known_exploited", "last_reviewed", "last_reviewed_by_id", "last_status_update", "line", "mitigated", "mitigated_by_id", "mitigation", "nb_occurences", "numerical_severity", "out_of_scope", "param", "payload", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "planned_remediation_date", 
"planned_remediation_version", "publish_date", "ransomware_used", "refs", "reporter_id", "review_requested_by_id", "risk_accepted", "sast_sink_object", "sast_source_file_path", "sast_source_line", "sast_source_object", "scanner_confidence", "service", "severity", "severity_justification", "sla_expiration_date", "sla_start_date", "sonarqube_issue_id", "static_finding", "steps_to_reproduce", "test_id", "thread_id", "title", "under_defect_review", "under_review", "unique_id_from_tool", "url", "verified", "vuln_id_from_tool") VALUES (NEW."active", NEW."component_name", NEW."component_version", NEW."created", NEW."cve", NEW."cvssv3", NEW."cvssv3_score", NEW."cvssv4", NEW."cvssv4_score", NEW."cwe", NEW."date", NEW."defect_review_requested_by_id", NEW."description", NEW."duplicate", NEW."duplicate_finding_id", NEW."dynamic_finding", NEW."effort_for_fixing", NEW."epss_percentile", NEW."epss_score", NEW."false_p", NEW."file_path", NEW."fix_available", NEW."fix_version", NEW."hash_code", NEW."id", NEW."impact", NEW."is_mitigated", NEW."kev_date", NEW."known_exploited", NEW."last_reviewed", NEW."last_reviewed_by_id", NEW."last_status_update", NEW."line", NEW."mitigated", NEW."mitigated_by_id", NEW."mitigation", NEW."nb_occurences", NEW."numerical_severity", NEW."out_of_scope", NEW."param", NEW."payload", _pgh_attach_context(), NOW(), \'insert\', NEW."id", NEW."planned_remediation_date", NEW."planned_remediation_version", NEW."publish_date", NEW."ransomware_used", NEW."refs", NEW."reporter_id", NEW."review_requested_by_id", NEW."risk_accepted", NEW."sast_sink_object", NEW."sast_source_file_path", NEW."sast_source_line", NEW."sast_source_object", NEW."scanner_confidence", NEW."service", NEW."severity", NEW."severity_justification", NEW."sla_expiration_date", NEW."sla_start_date", NEW."sonarqube_issue_id", NEW."static_finding", NEW."steps_to_reproduce", NEW."test_id", NEW."thread_id", NEW."title", NEW."under_defect_review", NEW."under_review", NEW."unique_id_from_tool", 
NEW."url", NEW."verified", NEW."vuln_id_from_tool"); RETURN NULL;', hash='7420e87ec2d068d96796af35888c418c547b768a', operation='INSERT', pgid='pgtrigger_insert_insert_2fbbb', table='dojo_finding', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='finding', + trigger=pgtrigger.compiler.Trigger(name='update_update', sql=pgtrigger.compiler.UpsertTriggerSql(condition='WHEN (OLD."active" IS DISTINCT FROM (NEW."active") OR OLD."component_name" IS DISTINCT FROM (NEW."component_name") OR OLD."component_version" IS DISTINCT FROM (NEW."component_version") OR OLD."cve" IS DISTINCT FROM (NEW."cve") OR OLD."cvssv3" IS DISTINCT FROM (NEW."cvssv3") OR OLD."cvssv3_score" IS DISTINCT FROM (NEW."cvssv3_score") OR OLD."cvssv4" IS DISTINCT FROM (NEW."cvssv4") OR OLD."cvssv4_score" IS DISTINCT FROM (NEW."cvssv4_score") OR OLD."cwe" IS DISTINCT FROM (NEW."cwe") OR OLD."date" IS DISTINCT FROM (NEW."date") OR OLD."defect_review_requested_by_id" IS DISTINCT FROM (NEW."defect_review_requested_by_id") OR OLD."description" IS DISTINCT FROM (NEW."description") OR OLD."duplicate" IS DISTINCT FROM (NEW."duplicate") OR OLD."duplicate_finding_id" IS DISTINCT FROM (NEW."duplicate_finding_id") OR OLD."dynamic_finding" IS DISTINCT FROM (NEW."dynamic_finding") OR OLD."effort_for_fixing" IS DISTINCT FROM (NEW."effort_for_fixing") OR OLD."epss_percentile" IS DISTINCT FROM (NEW."epss_percentile") OR OLD."epss_score" IS DISTINCT FROM (NEW."epss_score") OR OLD."false_p" IS DISTINCT FROM (NEW."false_p") OR OLD."file_path" IS DISTINCT FROM (NEW."file_path") OR OLD."fix_available" IS DISTINCT FROM (NEW."fix_available") OR OLD."fix_version" IS DISTINCT FROM (NEW."fix_version") OR OLD."hash_code" IS DISTINCT FROM (NEW."hash_code") OR OLD."id" IS DISTINCT FROM (NEW."id") OR OLD."impact" IS DISTINCT FROM (NEW."impact") OR OLD."is_mitigated" IS DISTINCT FROM (NEW."is_mitigated") OR OLD."kev_date" IS DISTINCT FROM (NEW."kev_date") OR OLD."known_exploited" IS DISTINCT FROM (NEW."known_exploited") 
OR OLD."last_reviewed" IS DISTINCT FROM (NEW."last_reviewed") OR OLD."last_reviewed_by_id" IS DISTINCT FROM (NEW."last_reviewed_by_id") OR OLD."line" IS DISTINCT FROM (NEW."line") OR OLD."mitigated" IS DISTINCT FROM (NEW."mitigated") OR OLD."mitigated_by_id" IS DISTINCT FROM (NEW."mitigated_by_id") OR OLD."mitigation" IS DISTINCT FROM (NEW."mitigation") OR OLD."nb_occurences" IS DISTINCT FROM (NEW."nb_occurences") OR OLD."numerical_severity" IS DISTINCT FROM (NEW."numerical_severity") OR OLD."out_of_scope" IS DISTINCT FROM (NEW."out_of_scope") OR OLD."param" IS DISTINCT FROM (NEW."param") OR OLD."payload" IS DISTINCT FROM (NEW."payload") OR OLD."planned_remediation_date" IS DISTINCT FROM (NEW."planned_remediation_date") OR OLD."planned_remediation_version" IS DISTINCT FROM (NEW."planned_remediation_version") OR OLD."publish_date" IS DISTINCT FROM (NEW."publish_date") OR OLD."ransomware_used" IS DISTINCT FROM (NEW."ransomware_used") OR OLD."refs" IS DISTINCT FROM (NEW."refs") OR OLD."reporter_id" IS DISTINCT FROM (NEW."reporter_id") OR OLD."review_requested_by_id" IS DISTINCT FROM (NEW."review_requested_by_id") OR OLD."risk_accepted" IS DISTINCT FROM (NEW."risk_accepted") OR OLD."sast_sink_object" IS DISTINCT FROM (NEW."sast_sink_object") OR OLD."sast_source_file_path" IS DISTINCT FROM (NEW."sast_source_file_path") OR OLD."sast_source_line" IS DISTINCT FROM (NEW."sast_source_line") OR OLD."sast_source_object" IS DISTINCT FROM (NEW."sast_source_object") OR OLD."scanner_confidence" IS DISTINCT FROM (NEW."scanner_confidence") OR OLD."service" IS DISTINCT FROM (NEW."service") OR OLD."severity" IS DISTINCT FROM (NEW."severity") OR OLD."severity_justification" IS DISTINCT FROM (NEW."severity_justification") OR OLD."sla_expiration_date" IS DISTINCT FROM (NEW."sla_expiration_date") OR OLD."sla_start_date" IS DISTINCT FROM (NEW."sla_start_date") OR OLD."sonarqube_issue_id" IS DISTINCT FROM (NEW."sonarqube_issue_id") OR OLD."static_finding" IS DISTINCT FROM 
(NEW."static_finding") OR OLD."steps_to_reproduce" IS DISTINCT FROM (NEW."steps_to_reproduce") OR OLD."test_id" IS DISTINCT FROM (NEW."test_id") OR OLD."thread_id" IS DISTINCT FROM (NEW."thread_id") OR OLD."title" IS DISTINCT FROM (NEW."title") OR OLD."under_defect_review" IS DISTINCT FROM (NEW."under_defect_review") OR OLD."under_review" IS DISTINCT FROM (NEW."under_review") OR OLD."unique_id_from_tool" IS DISTINCT FROM (NEW."unique_id_from_tool") OR OLD."url" IS DISTINCT FROM (NEW."url") OR OLD."verified" IS DISTINCT FROM (NEW."verified") OR OLD."vuln_id_from_tool" IS DISTINCT FROM (NEW."vuln_id_from_tool"))', func='INSERT INTO "dojo_findingevent" ("active", "component_name", "component_version", "created", "cve", "cvssv3", "cvssv3_score", "cvssv4", "cvssv4_score", "cwe", "date", "defect_review_requested_by_id", "description", "duplicate", "duplicate_finding_id", "dynamic_finding", "effort_for_fixing", "epss_percentile", "epss_score", "false_p", "file_path", "fix_available", "fix_version", "hash_code", "id", "impact", "is_mitigated", "kev_date", "known_exploited", "last_reviewed", "last_reviewed_by_id", "last_status_update", "line", "mitigated", "mitigated_by_id", "mitigation", "nb_occurences", "numerical_severity", "out_of_scope", "param", "payload", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "planned_remediation_date", "planned_remediation_version", "publish_date", "ransomware_used", "refs", "reporter_id", "review_requested_by_id", "risk_accepted", "sast_sink_object", "sast_source_file_path", "sast_source_line", "sast_source_object", "scanner_confidence", "service", "severity", "severity_justification", "sla_expiration_date", "sla_start_date", "sonarqube_issue_id", "static_finding", "steps_to_reproduce", "test_id", "thread_id", "title", "under_defect_review", "under_review", "unique_id_from_tool", "url", "verified", "vuln_id_from_tool") VALUES (NEW."active", NEW."component_name", NEW."component_version", NEW."created", NEW."cve", 
NEW."cvssv3", NEW."cvssv3_score", NEW."cvssv4", NEW."cvssv4_score", NEW."cwe", NEW."date", NEW."defect_review_requested_by_id", NEW."description", NEW."duplicate", NEW."duplicate_finding_id", NEW."dynamic_finding", NEW."effort_for_fixing", NEW."epss_percentile", NEW."epss_score", NEW."false_p", NEW."file_path", NEW."fix_available", NEW."fix_version", NEW."hash_code", NEW."id", NEW."impact", NEW."is_mitigated", NEW."kev_date", NEW."known_exploited", NEW."last_reviewed", NEW."last_reviewed_by_id", NEW."last_status_update", NEW."line", NEW."mitigated", NEW."mitigated_by_id", NEW."mitigation", NEW."nb_occurences", NEW."numerical_severity", NEW."out_of_scope", NEW."param", NEW."payload", _pgh_attach_context(), NOW(), \'update\', NEW."id", NEW."planned_remediation_date", NEW."planned_remediation_version", NEW."publish_date", NEW."ransomware_used", NEW."refs", NEW."reporter_id", NEW."review_requested_by_id", NEW."risk_accepted", NEW."sast_sink_object", NEW."sast_source_file_path", NEW."sast_source_line", NEW."sast_source_object", NEW."scanner_confidence", NEW."service", NEW."severity", NEW."severity_justification", NEW."sla_expiration_date", NEW."sla_start_date", NEW."sonarqube_issue_id", NEW."static_finding", NEW."steps_to_reproduce", NEW."test_id", NEW."thread_id", NEW."title", NEW."under_defect_review", NEW."under_review", NEW."unique_id_from_tool", NEW."url", NEW."verified", NEW."vuln_id_from_tool"); RETURN NULL;', hash='d7e612a41414689328bb28abab60a073aa989fad', operation='UPDATE', pgid='pgtrigger_update_update_92175', table='dojo_finding', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='finding', + trigger=pgtrigger.compiler.Trigger(name='delete_delete', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_findingevent" ("active", "component_name", "component_version", "created", "cve", "cvssv3", "cvssv3_score", "cvssv4", "cvssv4_score", "cwe", "date", "defect_review_requested_by_id", "description", "duplicate", 
"duplicate_finding_id", "dynamic_finding", "effort_for_fixing", "epss_percentile", "epss_score", "false_p", "file_path", "fix_available", "fix_version", "hash_code", "id", "impact", "is_mitigated", "kev_date", "known_exploited", "last_reviewed", "last_reviewed_by_id", "last_status_update", "line", "mitigated", "mitigated_by_id", "mitigation", "nb_occurences", "numerical_severity", "out_of_scope", "param", "payload", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "planned_remediation_date", "planned_remediation_version", "publish_date", "ransomware_used", "refs", "reporter_id", "review_requested_by_id", "risk_accepted", "sast_sink_object", "sast_source_file_path", "sast_source_line", "sast_source_object", "scanner_confidence", "service", "severity", "severity_justification", "sla_expiration_date", "sla_start_date", "sonarqube_issue_id", "static_finding", "steps_to_reproduce", "test_id", "thread_id", "title", "under_defect_review", "under_review", "unique_id_from_tool", "url", "verified", "vuln_id_from_tool") VALUES (OLD."active", OLD."component_name", OLD."component_version", OLD."created", OLD."cve", OLD."cvssv3", OLD."cvssv3_score", OLD."cvssv4", OLD."cvssv4_score", OLD."cwe", OLD."date", OLD."defect_review_requested_by_id", OLD."description", OLD."duplicate", OLD."duplicate_finding_id", OLD."dynamic_finding", OLD."effort_for_fixing", OLD."epss_percentile", OLD."epss_score", OLD."false_p", OLD."file_path", OLD."fix_available", OLD."fix_version", OLD."hash_code", OLD."id", OLD."impact", OLD."is_mitigated", OLD."kev_date", OLD."known_exploited", OLD."last_reviewed", OLD."last_reviewed_by_id", OLD."last_status_update", OLD."line", OLD."mitigated", OLD."mitigated_by_id", OLD."mitigation", OLD."nb_occurences", OLD."numerical_severity", OLD."out_of_scope", OLD."param", OLD."payload", _pgh_attach_context(), NOW(), \'delete\', OLD."id", OLD."planned_remediation_date", OLD."planned_remediation_version", OLD."publish_date", OLD."ransomware_used", OLD."refs", 
OLD."reporter_id", OLD."review_requested_by_id", OLD."risk_accepted", OLD."sast_sink_object", OLD."sast_source_file_path", OLD."sast_source_line", OLD."sast_source_object", OLD."scanner_confidence", OLD."service", OLD."severity", OLD."severity_justification", OLD."sla_expiration_date", OLD."sla_start_date", OLD."sonarqube_issue_id", OLD."static_finding", OLD."steps_to_reproduce", OLD."test_id", OLD."thread_id", OLD."title", OLD."under_defect_review", OLD."under_review", OLD."unique_id_from_tool", OLD."url", OLD."verified", OLD."vuln_id_from_tool"); RETURN NULL;', hash='b78d66e2d4e1cb791b58b944a8b9204f13fe1552', operation='DELETE', pgid='pgtrigger_delete_delete_72933', table='dojo_finding', when='AFTER')), + ), + ] diff --git a/dojo/importers/default_reimporter.py b/dojo/importers/default_reimporter.py index a1625a85f33..f6c687c2f53 100644 --- a/dojo/importers/default_reimporter.py +++ b/dojo/importers/default_reimporter.py @@ -483,6 +483,10 @@ def process_matched_mitigated_finding( to cover circumstances where mitigation timestamps are different, and decide which one to honor """ + if existing_finding.fix_available != unsaved_finding.fix_available: + existing_finding.fix_available = unsaved_finding.fix_available + existing_finding.fix_version = unsaved_finding.fix_version + # if the reimported item has a mitigation time, we can compare if unsaved_finding.is_mitigated: # The new finding is already mitigated, so nothing to change on the 
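Review bot: The block added at the top of process_matched_mitigated_finding refreshes `fix_version` only when `fix_available` has changed, so a reimport where a fix was already known but the fixed version differs leaves the stored `fix_version` stale. The documentation added in this same commit says both fields are compared, so the guard should cover both: `if existing_finding.fix_available != unsaved_finding.fix_available or existing_finding.fix_version != unsaved_finding.fix_version:`. The identical three lines are repeated in the process_matched_active_finding hunk (`@@ -592,6 +596,9 @@`) and need the same change; a small shared helper would keep the two in step. Both function bodies continue outside their hunks, so whether the updated finding is saved on every path cannot be confirmed from here.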
@@ -592,6 +596,9 @@ def process_matched_active_finding(
 # First check that the existing finding is definitely not mitigated
 if not (existing_finding.mitigated and existing_finding.is_mitigated):
 logger.debug("Reimported item matches a finding that is currently open.")
+ if existing_finding.fix_available != unsaved_finding.fix_available:
+ existing_finding.fix_available = unsaved_finding.fix_available
+ existing_finding.fix_version = unsaved_finding.fix_version
 if unsaved_finding.is_mitigated:
 logger.debug("Reimported mitigated item matches a finding that is currently open, closing.")
 # TODO: Implement a date comparison for opened defectdojo findings before closing them by reimporting,
diff --git a/dojo/models.py b/dojo/models.py
index 396e851f9b4..aadd28bbc6f 100644
--- a/dojo/models.py
+++ b/dojo/models.py
@@ -2434,6 +2434,11 @@ class Finding(models.Model):
 default=None,
 verbose_name=_("Fix Available"),
 help_text=_("Denotes if there is a fix available for this flaw."))
+ fix_version = models.CharField(null=True,
+ blank=True,
+ max_length=100,
+ verbose_name=_("Fix version"),
+ help_text=_("Version of the affected component in which the flaw is fixed."))
 impact = models.TextField(verbose_name=_("Impact"),
 null=True,
 blank=True,
diff --git a/dojo/templates/dojo/view_finding.html b/dojo/templates/dojo/view_finding.html
index c8f79b63b25..2626130ed07 100755
--- a/dojo/templates/dojo/view_finding.html
+++ b/dojo/templates/dojo/view_finding.html
@@ -554,6 +554,12 @@

{% if finding.component_version %} Component Version {% endif %} + {% if finding.fix_available %} + Fix Available + {% endif %} + {% if finding.fix_version %} + Fixed Version + {% endif %} {% if finding.has_jira_configured or finding.jira_issue %} JIRA JIRA Change @@ -611,6 +617,20 @@

{% endif %} + {% if finding.fix_available %} + + + {{ finding.fix_available }} + + + {% endif %} + {% if finding.fix_version %} + + + {{ finding.fix_version }} + + + {% endif %} {% if finding.has_jira_configured or finding.has_jira_issue or finding.has_jira_group_issue %} {% if finding.has_jira_group_issue %} diff --git a/dojo/tools/anchore_grype/parser.py b/dojo/tools/anchore_grype/parser.py index 2cf89b87f44..34b55b738a9 100644 --- a/dojo/tools/anchore_grype/parser.py +++ b/dojo/tools/anchore_grype/parser.py @@ -121,11 +121,16 @@ def get_findings(self, file, test): finding_description += f"\n**Package URL:** {artifact_purl}" finding_mitigation = None + fix_available = False + fix_version = None if vuln_fix_versions: + fix_available = True finding_mitigation = "Upgrade to version:" if len(vuln_fix_versions) == 1: finding_mitigation += f" {vuln_fix_versions[0]}" + fix_version = vuln_fix_versions[0] else: + fix_version = ", ".join(vuln_fix_versions) for fix_version in vuln_fix_versions: finding_mitigation += f"\n- {fix_version}" @@ -200,6 +205,8 @@ def get_findings(self, file, test): dynamic_finding=False, nb_occurences=1, file_path=file_path, + fix_available=fix_available, + fix_version=fix_version, ) dupes[dupe_key].unsaved_vulnerability_ids = vulnerability_ids diff --git a/unittests/scans/anchore_grype/fix_available.json b/unittests/scans/anchore_grype/fix_available.json new file mode 100644 index 00000000000..42aab80d74b --- /dev/null +++ b/unittests/scans/anchore_grype/fix_available.json 
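Review bot: In the first anchore_grype parser hunk (`@@ -121,11 +121,16 @@`), the new `fix_version = ", ".join(vuln_fix_versions)` in the `else` branch is overwritten straight away, because the existing loop on the next line uses `fix_version` as its loop variable. A finding with several fix versions therefore stores only the last one instead of the joined list. Renaming the loop variable keeps the joined value: `for version in vuln_fix_versions:` with `finding_mitigation += f"\n- {version}"`. Once that is fixed the joined string is unbounded, while the model field added in this commit is declared with `max_length=100`; the values come from the scan report, so the parser should probably cap or validate the length before passing it to the Finding. get_findings starts and ends outside the hunk.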
@@ -0,0 +1,315 @@ +{ + "matches": [ + { + "vulnerability": { + "id": "CVE-2009-3882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2009-3882", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html", + "http://java.sun.com/javase/6/webnotes/6u17.html", + "http://secunia.com/advisories/37386", + "http://security.gentoo.org/glsa/glsa-200911-02.xml", + "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084", + "https://bugzilla.redhat.com/show_bug.cgi?id=530175", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7300", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8841" + ], + "description": "Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to \"information leaks in mutable variables,\" aka Bug Id 6657026.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.4 + }, + "vendorMetadata": {} + } + ], + "fix": { + "versions": [ + "1.2.3" + ], + "state": "fixed" + }, + "advisories": [] + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:oracle:openjdk:17.0.10+7\u0000-J-ms8m:*:*:*:*:*:*:*" + ], + "Package": { + "name": "java", + "version": "17.0.10+7\u0000-J-ms8m" + } + }, + "found": { + "vulnerabilityID": "CVE-2009-3882", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "9263533999d7e833", + "name": "java", + "version": "17.0.10+7\u0000-J-ms8m", + "type": "binary", + "locations": [ + { + "path": 
"/opt/java/openjdk/bin/java", + "layerID": "sha256:089f13e86d6447b9182a23ca4e357b13f067208db1b04ba14cac3edb51c2e6a8" + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:oracle:openjdk:17.0.10+7\u0000-J-ms8m:*:*:*:*:*:*:*" + ], + "purl": "pkg:generic/java@17.0.10%2B7\u0000-J-ms8m", + "upstreams": [] + } + } + ], + "source": { + "type": "image", + "target": { + "userInput": "REDACTED", + "imageID": "sha256:07a3eb7aaaaaaaaa69f29ff9a2945c9bb0a6592654421b8357c", + "manifestDigest": "sha256:4e1c538085614cbc0c9affbb206abbec3220118425409662e46b3d4bb71d1b6d", + "mediaType": "application/vnd.oci.image.manifest.v1+json", + "tags": [], + "imageSize": 514054352, + "layers": [ + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5faf9c0a9efe4675ecd21a4ec417d51077d5e75da9e673161a94e7d6cd43f92c", + "size": 72802466 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:61bb835859af3b3418d9e5115ee0d0421d771af4b576354cb47e4911898411e6", + "size": 45773705 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:089f13e86d6447b9182a23ca4e357b13f067208db1b04ba14cac3edb51c2e6a8", + "size": 140722808 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:8a6992ae127d603d9816b4ac8d1b3b3f6b0bb29b1e64e38c86247805de797dcd", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:31c91cb1196883a0861aa5f1d363e6e343070418704db46e47df1735eb95e473", + "size": 1182 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:2adb74596640882e72d1cfd59684d1d3053a4eaccc8cbd4ff769a6bc103736d9", + "size": 1780912 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:d3bd5e7d3a771e112ed5b0f61be054654d828c5198f6aee29dc57fb47f5ecede", + "size": 60515187 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": 
"sha256:ebe801fcbe62d62d5bee3994743f3d556ecea3c6fcac9e4eb9c4b157cfd5c05d", + "size": 1143874 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:cdf08086dbb4ff8e9de7b5986a4fe720a91b3508932988a9931a44bc595c0451", + "size": 32 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:62cee45bfd8de3003a1745ba5cce836429b96fab015d6c8d347edb5fc2b8f538", + "size": 393832 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:7d93f74f90a566f90f6ce733e1f03e592770f0eb579ebb3339ac43732913dcf5", + "size": 368 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:b626fe3114d1abd6c629c5adeb769fe28112e0268242a1bc66497ec6c6fddfc0", + "size": 1734 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:ecdc721e0f0e4244958fd6ed4aa658f600f66cc49e8e258680bbb8f0781b1eae", + "size": 2102 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:c3f7d9738db6fe33aa41e359b35ccad67c52e9e1fe1d2aa8ae986a52c63abdbc", + "size": 28 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:43054870c5ee79c9c489db42b054d832ed7ad38bb85d7d085ae6d9ed0fa22191", + "size": 31964241 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:629931e16568b7012bc94fa971085301f8239812690ff2422fcbf2a22475eb57", + "size": 158934808 + }, + 
{ + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:9fdd7c20fc0792669cf8e16a770c40d99c0fa3bf74b51500270b762b1420047d", + "size": 17073 + } + ], + "manifest": "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", + "config": "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", + "repoDigests": [ + "REDACTED" + ], + "architecture": "amd64", + "os": "linux", + "labels": { + "architecture": "", + "bzcomponent": "REDACTED", + "maintainer": "REDACTED", + "name": "REDACTED", + "org.opencontainers.image.ref.name": "ubuntu", + "org.opencontainers.image.version": "20.04", + "release": "0.150.0", + "version": "0.150.0" + } + } + }, + "distro": { + "name": "ubuntu", + "version": "20.04", + "idLike": [ + "debian" + ] + }, + "descriptor": { + "name": "grype", + "version": "0.75.0", + "configuration": { + "output": [ + "json" + ], + "file": "container-report-linux-amd64.json", + "distro": "", + "add-cpes-if-none": false, + "output-template-file": "", + "check-for-app-update": true, + "only-fixed": false, + "only-notfixed": false, + "ignore-wontfix": "", + "platform": "linux/amd64", + "search": { + "scope": "squashed", + "unindexed-archives": false, + "indexed-archives": true + }, + "ignore": null, + "exclude": [], + "db": { + "cache-dir": "/root/.cache/grype/db", + "update-url": "https://toolbox-data.anchore.io/grype/databases/listing.json", + "ca-cert": "", + "auto-update": true, + "validate-by-hash-on-start": false, + "validate-age": true, + "max-allowed-built-age": 432000000000000, + "update-available-timeout": 30000000000, + "update-download-timeout": 120000000000 + }, + "externalSources": { + "enable": false, + "maven": { + "searchUpstreamBySha1": true, + "baseUrl": "https://search.maven.org/solrsearch/select" + } + }, + "match": { + "java": { + "using-cpes": false + }, + "dotnet": { + "using-cpes": false + }, + "golang": { + "using-cpes": false, + "always-use-cpe-for-stdlib": true + }, + "javascript": { + "using-cpes": false + }, + 
"python": { + "using-cpes": false + }, + "ruby": { + "using-cpes": false + }, + "rust": { + "using-cpes": false + }, + "stock": { + "using-cpes": true + } + }, + "fail-on-severity": "", + "registry": { + "insecure-skip-tls-verify": false, + "insecure-use-http": false, + "auth": null, + "ca-cert": "" + }, + "show-suppressed": false, + "by-cve": false, + "name": "", + "default-image-pull-source": "", + "vex-documents": [], + "vex-add": [] + }, + "db": { + "built": "2024-04-10T01:25:07Z", + "schemaVersion": 5, + "location": "/root/.cache/grype/db/5", + "checksum": "sha256:bb6e98b144551912bc9f1fe7381ad2b83c8e1d07d0b3a4c341bfea182ae1269c", + "error": null + }, + "timestamp": "2024-04-10T11:05:22.636338786Z" + } +} diff --git a/unittests/scans/anchore_grype/fix_not_available.json b/unittests/scans/anchore_grype/fix_not_available.json new file mode 100644 index 00000000000..a32a61b4c55 --- /dev/null +++ b/unittests/scans/anchore_grype/fix_not_available.json 
@@ -0,0 +1,313 @@ +{ + "matches": [ + { + "vulnerability": { + "id": "CVE-2009-3882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2009-3882", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html", + "http://java.sun.com/javase/6/webnotes/6u17.html", + "http://secunia.com/advisories/37386", + "http://security.gentoo.org/glsa/glsa-200911-02.xml", + "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084", + "https://bugzilla.redhat.com/show_bug.cgi?id=530175", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7300", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8841" + ], + "description": "Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to \"information leaks in mutable variables,\" aka Bug Id 6657026.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.4 + }, + "vendorMetadata": {} + } + ], + "fix": { + "versions": [], + "state": "unknown" + }, + "advisories": [] + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:oracle:openjdk:17.0.10+7\u0000-J-ms8m:*:*:*:*:*:*:*" + ], + "Package": { + "name": "java", + "version": "17.0.10+7\u0000-J-ms8m" + } + }, + "found": { + "vulnerabilityID": "CVE-2009-3882", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "9263533999d7e833", + "name": "java", + "version": "17.0.10+7\u0000-J-ms8m", + "type": "binary", + "locations": [ + { + "path": 
"/opt/java/openjdk/bin/java", + "layerID": "sha256:089f13e86d6447b9182a23ca4e357b13f067208db1b04ba14cac3edb51c2e6a8" + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:oracle:openjdk:17.0.10+7\u0000-J-ms8m:*:*:*:*:*:*:*" + ], + "purl": "pkg:generic/java@17.0.10%2B7\u0000-J-ms8m", + "upstreams": [] + } + } + ], + "source": { + "type": "image", + "target": { + "userInput": "REDACTED", + "imageID": "sha256:07a3eb7aaaaaaaaa69f29ff9a2945c9bb0a6592654421b8357c", + "manifestDigest": "sha256:4e1c538085614cbc0c9affbb206abbec3220118425409662e46b3d4bb71d1b6d", + "mediaType": "application/vnd.oci.image.manifest.v1+json", + "tags": [], + "imageSize": 514054352, + "layers": [ + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5faf9c0a9efe4675ecd21a4ec417d51077d5e75da9e673161a94e7d6cd43f92c", + "size": 72802466 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:61bb835859af3b3418d9e5115ee0d0421d771af4b576354cb47e4911898411e6", + "size": 45773705 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:089f13e86d6447b9182a23ca4e357b13f067208db1b04ba14cac3edb51c2e6a8", + "size": 140722808 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:8a6992ae127d603d9816b4ac8d1b3b3f6b0bb29b1e64e38c86247805de797dcd", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:31c91cb1196883a0861aa5f1d363e6e343070418704db46e47df1735eb95e473", + "size": 1182 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:2adb74596640882e72d1cfd59684d1d3053a4eaccc8cbd4ff769a6bc103736d9", + "size": 1780912 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:d3bd5e7d3a771e112ed5b0f61be054654d828c5198f6aee29dc57fb47f5ecede", + "size": 60515187 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": 
"sha256:ebe801fcbe62d62d5bee3994743f3d556ecea3c6fcac9e4eb9c4b157cfd5c05d", + "size": 1143874 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:cdf08086dbb4ff8e9de7b5986a4fe720a91b3508932988a9931a44bc595c0451", + "size": 32 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:62cee45bfd8de3003a1745ba5cce836429b96fab015d6c8d347edb5fc2b8f538", + "size": 393832 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:7d93f74f90a566f90f6ce733e1f03e592770f0eb579ebb3339ac43732913dcf5", + "size": 368 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:b626fe3114d1abd6c629c5adeb769fe28112e0268242a1bc66497ec6c6fddfc0", + "size": 1734 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:ecdc721e0f0e4244958fd6ed4aa658f600f66cc49e8e258680bbb8f0781b1eae", + "size": 2102 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:c3f7d9738db6fe33aa41e359b35ccad67c52e9e1fe1d2aa8ae986a52c63abdbc", + "size": 28 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:43054870c5ee79c9c489db42b054d832ed7ad38bb85d7d085ae6d9ed0fa22191", + "size": 31964241 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:629931e16568b7012bc94fa971085301f8239812690ff2422fcbf2a22475eb57", + "size": 158934808 + }, + 
{ + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:9fdd7c20fc0792669cf8e16a770c40d99c0fa3bf74b51500270b762b1420047d", + "size": 17073 + } + ], + "manifest": "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", + "config": "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", + "repoDigests": [ + "REDACTED" + ], + "architecture": "amd64", + "os": "linux", + "labels": { + "architecture": "", + "bzcomponent": "REDACTED", + "maintainer": "REDACTED", + "name": "REDACTED", + "org.opencontainers.image.ref.name": "ubuntu", + "org.opencontainers.image.version": "20.04", + "release": "0.150.0", + "version": "0.150.0" + } + } + }, + "distro": { + "name": "ubuntu", + "version": "20.04", + "idLike": [ + "debian" + ] + }, + "descriptor": { + "name": "grype", + "version": "0.75.0", + "configuration": { + "output": [ + "json" + ], + "file": "container-report-linux-amd64.json", + "distro": "", + "add-cpes-if-none": false, + "output-template-file": "", + "check-for-app-update": true, + "only-fixed": false, + "only-notfixed": false, + "ignore-wontfix": "", + "platform": "linux/amd64", + "search": { + "scope": "squashed", + "unindexed-archives": false, + "indexed-archives": true + }, + "ignore": null, + "exclude": [], + "db": { + "cache-dir": "/root/.cache/grype/db", + "update-url": "https://toolbox-data.anchore.io/grype/databases/listing.json", + "ca-cert": "", + "auto-update": true, + "validate-by-hash-on-start": false, + "validate-age": true, + "max-allowed-built-age": 432000000000000, + "update-available-timeout": 30000000000, + "update-download-timeout": 120000000000 + }, + "externalSources": { + "enable": false, + "maven": { + "searchUpstreamBySha1": true, + "baseUrl": "https://search.maven.org/solrsearch/select" + } + }, + "match": { + "java": { + "using-cpes": false + }, + "dotnet": { + "using-cpes": false + }, + "golang": { + "using-cpes": false, + "always-use-cpe-for-stdlib": true + }, + "javascript": { + "using-cpes": false + }, + 
"python": { + "using-cpes": false + }, + "ruby": { + "using-cpes": false + }, + "rust": { + "using-cpes": false + }, + "stock": { + "using-cpes": true + } + }, + "fail-on-severity": "", + "registry": { + "insecure-skip-tls-verify": false, + "insecure-use-http": false, + "auth": null, + "ca-cert": "" + }, + "show-suppressed": false, + "by-cve": false, + "name": "", + "default-image-pull-source": "", + "vex-documents": [], + "vex-add": [] + }, + "db": { + "built": "2024-04-10T01:25:07Z", + "schemaVersion": 5, + "location": "/root/.cache/grype/db/5", + "checksum": "sha256:bb6e98b144551912bc9f1fe7381ad2b83c8e1d07d0b3a4c341bfea182ae1269c", + "error": null + }, + "timestamp": "2024-04-10T11:05:22.636338786Z" + } +} diff --git a/unittests/test_import_reimport.py b/unittests/test_import_reimport.py index e3130cc7efc..2f71c720e02 100644 --- a/unittests/test_import_reimport.py +++ b/unittests/test_import_reimport.py @@ -100,6 +100,8 @@ def __init__(self, *args, **kwargs): self.scan_type_gitlab_dast = "GitLab DAST Report" self.anchore_grype_file_name = get_unit_tests_scans_path("anchore_grype") / "check_all_fields.json" + self.anchore_grype_file_name_fix_not_available = get_unit_tests_scans_path("anchore_grype") / "fix_not_available.json" + self.anchore_grype_file_name_fix_available = get_unit_tests_scans_path("anchore_grype") / "fix_available.json" self.anchore_grype_scan_type = "Anchore Grype" self.checkmarx_one_open_and_false_positive = get_unit_tests_scans_path("checkmarx_one") / "one-open-one-false-positive.json" 
@@ -1691,6 +1693,30 @@ def test_import_reimport_vulnerability_ids(self):
 self.assertEqual("GHSA-v6rh-hp5x-86rv", findings[3].vulnerability_ids[0])
 self.assertEqual("CVE-2021-44420", findings[3].vulnerability_ids[1])
+ def test_import_reimport_fix_available(self):
+ import0 = self.import_scan_with_params(self.anchore_grype_file_name_fix_not_available, scan_type=self.anchore_grype_scan_type)
+ test_id = import0["test"]
+ test = Test.objects.get(id=test_id)
+ findings = Finding.objects.filter(test=test)
+ self.assertEqual(1, len(findings))
+ self.assertEqual(False, findings[0].fix_available)
+ self.assertEqual(None, findings[0].fix_version)
+
+ test_type = Test_Type.objects.get(name=self.anchore_grype_scan_type)
+ reimport_test = Test(
+ engagement=test.engagement,
+ test_type=test_type,
+ scan_type=self.anchore_grype_scan_type,
+ target_start=datetime.now(timezone.get_current_timezone()),
+ target_end=datetime.now(timezone.get_current_timezone()),
+ )
+ reimport_test.save()
+ self.reimport_scan_with_params(reimport_test.id, self.anchore_grype_file_name_fix_available, scan_type=self.anchore_grype_scan_type)
+ findings = Finding.objects.filter(test=reimport_test)
+ self.assertEqual(1, len(findings))
+ self.assertEqual(True, findings[0].fix_available)
+ self.assertEqual("1.2.3", findings[0].fix_version)
+
 def test_import_history_reactivated_and_untouched_findings_do_not_mix(self):
 import0 = self.import_scan_with_params(self.generic_import_1, scan_type=self.scan_type_generic)
 test_id = import0["test"]
diff --git a/unittests/tools/test_anchore_grype_parser.py b/unittests/tools/test_anchore_grype_parser.py
index 362fb63a5f7..44239da61f0 100644
--- a/unittests/tools/test_anchore_grype_parser.py
+++ b/unittests/tools/test_anchore_grype_parser.py
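Review bot: The re-import in `test_import_reimport_fix_available` targets a freshly created, empty `reimport_test`, so the single finding asserted at the end is presumably created new rather than matched against the finding from the first import. The test would then still pass if re-import never refreshed `fix_available` and `fix_version` on an existing finding, which is the case that leaves stale remediation data in the tracker. To cover the update path, re-import into the original test with `self.reimport_scan_with_params(test_id, self.anchore_grype_file_name_fix_available, scan_type=self.anchore_grype_scan_type)` and then query `findings = Finding.objects.filter(test=test)`. This assumes both fixtures describe the same finding under the scan type's matching rules, which are not visible in the hunk.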
@@ -266,6 +266,22 @@ def test_grype_issue_9618(self):
 findings = parser.get_findings(testfile, Test())
 self.assertEqual(35, len(findings))
+ def test_grype_fix_not_available(self):
+ with (get_unit_tests_scans_path("anchore_grype") / "fix_not_available.json").open(encoding="utf-8") as testfile:
+ parser = AnchoreGrypeParser()
+ findings = parser.get_findings(testfile, Test())
+ self.assertEqual(1, len(findings))
+ self.assertEqual(findings[0].fix_available, False)
+ self.assertEqual(findings[0].fix_version, None)
+
+ def test_grype_fix_available(self):
+ with (get_unit_tests_scans_path("anchore_grype") / "fix_available.json").open(encoding="utf-8") as testfile:
+ parser = AnchoreGrypeParser()
+ findings = parser.get_findings(testfile, Test())
+ self.assertEqual(1, len(findings))
+ self.assertEqual(findings[0].fix_available, True)
+ self.assertEqual(findings[0].fix_version, "1.2.3")
+
 def test_grype_issue_9942(self):
 with (get_unit_tests_scans_path("anchore_grype") / "issue_9942.json").open(encoding="utf-8") as testfile:
 parser = AnchoreGrypeParser()
From f689f84f82352359499b1faf82e626ac47a104a1 Mon Sep 17 00:00:00 2001 From: Jino Tesauro <53376807+Jino-T@users.noreply.github.com> Date: Wed, 5 Nov 2025 14:32:11 -0600 Subject: [PATCH 16/54] Make Finding Group Push to Jira Push Push to Duplicate Issues (#13573) * Made file changes to test in dojo pro * Changed logic so that individual findings are pushed to jira only after the groups association is confirmed * Apply suggestion from @Maffooch * Rerecord tests --------- Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
---
 dojo/jira_link/helper.py | 4 + ...est_groups_create_edit_update_finding.yaml | 4370 ++++++++++------- 2 files changed, 2590 insertions(+), 1784 deletions(-)
diff --git a/dojo/jira_link/helper.py b/dojo/jira_link/helper.py
index bf2b0101fed..c3df5e1cf37 100644
--- a/dojo/jira_link/helper.py
+++ b/dojo/jira_link/helper.py
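Review bot: `self.assertEqual(findings[0].fix_available, False)` and `self.assertEqual(findings[0].fix_version, None)` in `test_grype_fix_not_available` compare by equality, so a parser that returned `0` instead of `False` would still pass. `self.assertIs(findings[0].fix_available, False)` and `self.assertIsNone(findings[0].fix_version)` pin the type as well as the value. The `True` assertion in `test_grype_fix_available` can use `self.assertIs(findings[0].fix_available, True)` in the same way.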
@@ -783,7 +783,11 @@ def push_finding_to_jira(finding, *args, **kwargs):
 @app.task
 @dojo_model_from_id(model=Finding_Group)
 def push_finding_group_to_jira(finding_group, *args, **kwargs):
+ # Look for findings that have single ticket associations separate from the group
+ for finding in finding_group.findings.filter(jira_issue__isnull=False):
+ update_jira_issue(finding, *args, **kwargs)
 if finding_group.has_jira_issue:
+ # Update the jira issue for the group
 return update_jira_issue(finding_group, *args, **kwargs)
 return add_jira_issue(finding_group, *args, **kwargs)
diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml
index 37a72f9bd80..27cb4916548 100644
--- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml
+++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml
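Review bot: The result of `update_jira_issue(finding, *args, **kwargs)` in the new loop of `push_finding_group_to_jira` is discarded, and the loop runs before the group issue is touched. An exception from one individually linked finding would therefore abort the task before the group ticket is created or updated, while a failure reported only through the return value goes unnoticed and leaves that finding's ticket stale. Handling each result and continuing would keep the group push independent, for example `if not update_jira_issue(finding, *args, **kwargs): logger.warning("Jira update failed for finding %s in group %s", finding.id, finding_group.id)`; this assumes the helper returns a falsy value on failure and that the module has a `logger`, neither of which is visible in the hunk. The loop also forwards the group's `*args, **kwargs` unchanged to every finding-level update, which is worth confirming as intended for single findings.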
@@ -2,14 +2,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": null, - "url_ui": "http://localhost:8080/test/95", "url_api": "http://localhost:8080/api/v2/tests/95/", + "url_ui": "http://localhost:8080/test/92", "url_api": "http://localhost:8080/api/v2/tests/92/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 95, "url_ui": "http://localhost:8080/test/95", "url_api": "http://localhost:8080/api/v2/tests/95/"}}' + 92, "url_ui": "http://localhost:8080/test/92", "url_api": "http://localhost:8080/api/v2/tests/92/"}}' headers: Accept: - application/json @@ -24,7 +24,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.48.4 + - DefectDojo-2.52.0-dev X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -38,22 +38,22 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"844\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.48.4\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.52.0-dev\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.7\",\n \"url\": + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.7\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/95\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/95/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/92\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/92/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 95, \\\"url_ui\\\": \\\"http://localhost:8080/test/95\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/95/\\\"}}\",\n \"files\": + \\\"test\\\": {\\\"title\\\": 
null, \\\"id\\\": 92, \\\"url_ui\\\": \\\"http://localhost:8080/test/92\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/92/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -63,11 +63,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 95,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/95/\",\n - \ \"url_ui\": \"http://localhost:8080/test/95\"\n },\n \"title\": + 92,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/92/\",\n + \ \"url_ui\": \"http://localhost:8080/test/92\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/95/\",\n \"url_ui\": - \"http://localhost:8080/test/95\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/92/\",\n \"url_ui\": + \"http://localhost:8080/test/92\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -76,7 +76,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Fri, 25 Jul 2025 19:02:56 GMT + - Tue, 04 Nov 2025 18:02:04 GMT Transfer-Encoding: - chunked status: 
@@ -85,32 +85,32 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": - null, "url_ui": "http://localhost:8080/test/95", "url_api": "http://localhost:8080/api/v2/tests/95/", + null, "url_ui": "http://localhost:8080/test/92", "url_api": "http://localhost:8080/api/v2/tests/92/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 95, "url_ui": "http://localhost:8080/test/95", "url_api": "http://localhost:8080/api/v2/tests/95/"}, - "finding_count": 5, "findings": {"new": [{"id": 247, "title": "2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/247", - "url_api": "http://localhost:8080/api/v2/findings/247/"}, {"id": 248, "title": + 92, "url_ui": "http://localhost:8080/test/92", "url_api": "http://localhost:8080/api/v2/tests/92/"}, + "finding_count": 5, "findings": {"new": [{"id": 235, "title": "2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/235", + "url_api": "http://localhost:8080/api/v2/findings/235/"}, {"id": 236, "title": "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", - "severity": "High", "url_ui": "http://localhost:8080/finding/248", 
"url_api": - "http://localhost:8080/api/v2/findings/248/"}, {"id": 246, "title": "Regular + "severity": "High", "url_ui": "http://localhost:8080/finding/236", "url_api": + "http://localhost:8080/api/v2/findings/236/"}, {"id": 234, "title": "Regular Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": "Medium", - "url_ui": "http://localhost:8080/finding/246", "url_api": "http://localhost:8080/api/v2/findings/246/"}, - {"id": 249, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", - "severity": "Medium", "url_ui": "http://localhost:8080/finding/249", "url_api": - "http://localhost:8080/api/v2/findings/249/"}, {"id": 250, "title": "2222Remote + "url_ui": "http://localhost:8080/finding/234", "url_api": "http://localhost:8080/api/v2/findings/234/"}, + {"id": 237, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/237", "url_api": + "http://localhost:8080/api/v2/findings/237/"}, {"id": 238, "title": "2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", - "severity": "Medium", "url_ui": "http://localhost:8080/finding/250", "url_api": - "http://localhost:8080/api/v2/findings/250/"}], "reactivated": [], "mitigated": + "severity": "Medium", "url_ui": "http://localhost:8080/finding/238", "url_api": + "http://localhost:8080/api/v2/findings/238/"}], "reactivated": [], "mitigated": [], "untouched": []}}' headers: Accept: @@ -126,7 +126,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.48.4 + - DefectDojo-2.52.0-dev X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -140,82 +140,82 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"2373\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.48.4\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.52.0-dev\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.7\",\n \"url\": + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.7\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", - \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/95\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/95/\\\", \\\"product_type\\\": + \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/92\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/92/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 95, \\\"url_ui\\\": \\\"http://localhost:8080/test/95\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/95/\\\"}, \\\"finding_count\\\": - 5, 
\\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 247, \\\"title\\\": \\\"2222Regular + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 92, \\\"url_ui\\\": \\\"http://localhost:8080/test/92\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/92/\\\"}, \\\"finding_count\\\": + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 235, \\\"title\\\": \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/247\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/247/\\\"}, {\\\"id\\\": 248, \\\"title\\\": + \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/235\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/235/\\\"}, {\\\"id\\\": 236, \\\"title\\\": \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/248\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/248/\\\"}, - {\\\"id\\\": 246, \\\"title\\\": \\\"Regular Expression Denial of Service + \\\"http://localhost:8080/finding/236\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/236/\\\"}, + {\\\"id\\\": 234, \\\"title\\\": \\\"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/246\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/246/\\\"}, - {\\\"id\\\": 249, \\\"title\\\": \\\"Regular Expression Denial of Service + \\\"http://localhost:8080/finding/234\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/234/\\\"}, + {\\\"id\\\": 237, \\\"title\\\": \\\"Regular Expression Denial of Service - (Fresh, < 0.5.2)\\\", \\\"severity\\\": 
\\\"Medium\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/249\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/249/\\\"}, - {\\\"id\\\": 250, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 + \\\"http://localhost:8080/finding/237\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/237/\\\"}, + {\\\"id\\\": 238, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"Medium\\\", - \\\"url_ui\\\": \\\"http://localhost:8080/finding/250\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/250/\\\"}], \\\"reactivated\\\": + \\\"url_ui\\\": \\\"http://localhost:8080/finding/238\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/238/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 247,\n \"severity\": \"High\",\n \"title\": + \ \"id\": 235,\n \"severity\": \"High\",\n \"title\": \"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/247/\",\n \"url_ui\": \"http://localhost:8080/finding/247\"\n - \ },\n {\n \"id\": 248,\n \"severity\": \"High\",\n + \"http://localhost:8080/api/v2/findings/235/\",\n \"url_ui\": \"http://localhost:8080/finding/235\"\n + \ },\n {\n \"id\": 236,\n \"severity\": \"High\",\n \ \"title\": \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 
|| >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= - 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/248/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/248\"\n },\n - \ {\n \"id\": 246,\n \"severity\": \"Medium\",\n \"title\": + 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/236/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/236\"\n },\n + \ {\n \"id\": 234,\n \"severity\": \"Medium\",\n \"title\": \"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/246/\",\n \"url_ui\": \"http://localhost:8080/finding/246\"\n - \ },\n {\n \"id\": 249,\n \"severity\": \"Medium\",\n + \"http://localhost:8080/api/v2/findings/234/\",\n \"url_ui\": \"http://localhost:8080/finding/234\"\n + \ },\n {\n \"id\": 237,\n \"severity\": \"Medium\",\n \ \"title\": \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/findings/249/\",\n \"url_ui\": - \"http://localhost:8080/finding/249\"\n },\n {\n \"id\": - 250,\n \"severity\": \"Medium\",\n \"title\": \"2222Remote + \ \"url_api\": \"http://localhost:8080/api/v2/findings/237/\",\n \"url_ui\": + \"http://localhost:8080/finding/237\"\n },\n {\n \"id\": + 238,\n \"severity\": \"Medium\",\n \"title\": \"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < - 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/250/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/250\"\n }\n ],\n + 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/238/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/238\"\n }\n ],\n \ 
\"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 95,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/95/\",\n - \ \"url_ui\": \"http://localhost:8080/test/95\"\n },\n \"title\": + 92,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/92/\",\n + \ \"url_ui\": \"http://localhost:8080/test/92\"\n },\n \"title\": \"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: - NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/95/\",\n - \ \"url_ui\": \"http://localhost:8080/test/95\",\n \"user\": null\n }\n}\n" + NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/92/\",\n + \ \"url_ui\": \"http://localhost:8080/test/92\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -224,7 +224,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Fri, 25 Jul 2025 19:02:56 GMT + - Tue, 04 Nov 2025 18:02:04 GMT Transfer-Encoding: - chunked status: 
@@ -244,17 +244,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:02:57.595+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:04.511+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 87e09610-cc06-4a8a-a197-0e9ce1263593 + - 84eb414d-a348-4388-8632-08caec20d928 Atl-Traceid: - - 87e09610cc064a8aa1970e9ce1263593 + - 84eb414da3484388863208caec20d928 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -264,7 +264,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:02:57 GMT + - Tue, 04 Nov 2025 18:02:04 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -274,7 +274,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=328,atl-edge;dur=323,atl-edge-internal;dur=14,atl-edge-upstream;dur=309,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="FQD4czgzlQ9F5YGvQGP7yj0lV5y5pAwBZB7XaNOg0qMzKGBIq2Xa3A==",cdn-downstream-fbl;dur=331 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=250,atl-edge;dur=227,atl-edge-internal;dur=13,atl-edge-upstream;dur=214,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="Gfcwv0to1yWDtbW7j2ULUXR1haCo_GCu4Cct8PTcUas_LkF20tC8eg==",cdn-downstream-fbl;dur=253 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -284,15 +284,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 902b6168cd46b8e2de576dabe4e7f0f8.cloudfront.net (CloudFront) + - 1.1 c11dc3a4786e038ddffb5e925a892302.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - FQD4czgzlQ9F5YGvQGP7yj0lV5y5pAwBZB7XaNOg0qMzKGBIq2Xa3A== + - Gfcwv0to1yWDtbW7j2ULUXR1haCo_GCu4Cct8PTcUas_LkF20tC8eg== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P3 X-Arequestid: - - c23d70909455da51af7da0dbd61404da + - ea35da2fcae8ee7faf589d20046347c8 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -316,7 +320,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -330,9 +334,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - b1a19c85-bff0-4945-b173-283a8bd53ba8 + - 74ad6563-7915-49c1-a310-525d8ad81ddf Atl-Traceid: - - b1a19c85bff04945b173283a8bd53ba8 + - 74ad6563791549c1a310525d8ad81ddf Cache-Control: - no-cache, no-store, no-transform Connection: @@ -342,7 +346,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:02:59 GMT + - Tue, 04 Nov 2025 18:02:05 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -352,7 +356,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=489,atl-edge;dur=486,atl-edge-internal;dur=15,atl-edge-upstream;dur=471,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="5-rw1PtU3FIpq8dtpbsC-bGhD0B43quh_X5uB7YTZ-RRZtD-ywLNvg==",cdn-downstream-fbl;dur=492 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=409,atl-edge;dur=387,atl-edge-internal;dur=17,atl-edge-upstream;dur=370,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="ERcuFkqXvhUWrBbjbx65xkdwuJ9CC7UCRONZbIMrGvFulq80JsAflg==",cdn-downstream-fbl;dur=414 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -362,18 +366,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 da84bd533f95bc21581ad9f33da5b73a.cloudfront.net (CloudFront) + - 1.1 d7b3fa0ef559ab3ac226fc78e47d311a.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 5-rw1PtU3FIpq8dtpbsC-bGhD0B43quh_X5uB7YTZ-RRZtD-ywLNvg== + - ERcuFkqXvhUWrBbjbx65xkdwuJ9CC7UCRONZbIMrGvFulq80JsAflg== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P1 X-Arequestid: - - af9afffbde195f59fc4dbedb0333868c + - 8320bc1f1ee4ae6b83bc30b3914118e0 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -387,20 +395,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified and + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -410,9 +418,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -432,21 +440,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3540' + - '3538' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"21268","key":"NTEST-3089","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268"}' + string: '{"id":"23615","key":"NTEST-3174","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615"}' headers: Atl-Request-Id: - - 78fb4eef-4458-4109-9bb0-df8773d2c147 + - fd86d71b-2e0b-414c-93bf-83227145a1f9 Atl-Traceid: - - 78fb4eef445841099bb0df8773d2c147 + - fd86d71b2e0b414c93bf83227145a1f9 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -454,7 +462,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:00 GMT + - Tue, 04 Nov 2025 18:02:06 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -464,7 +472,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=901,atl-edge;dur=895,atl-edge-internal;dur=15,atl-edge-upstream;dur=880,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="StrjBrHSWCvNqr8OI1ytGk1aPN-7X4_XoZKbH3j4tp7rA5CiR84NKw==",cdn-downstream-fbl;dur=904 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=854,atl-edge;dur=832,atl-edge-internal;dur=16,atl-edge-upstream;dur=815,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="f2xEZR96D6xpQ9OomNDKv3lfWsjZhVty-qF1wdICuCwfC0l5iO0TuQ==",cdn-downstream-fbl;dur=859 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -474,15 +482,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 4ec881b9cff95ab6b1f20a72ee8404c4.cloudfront.net (CloudFront) + - 1.1 96b078df4a5d96ad3cc52cfe9d984774.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - StrjBrHSWCvNqr8OI1ytGk1aPN-7X4_XoZKbH3j4tp7rA5CiR84NKw== + - f2xEZR96D6xpQ9OomNDKv3lfWsjZhVty-qF1wdICuCwfC0l5iO0TuQ== X-Amz-Cf-Pop: - - SYD3-P2 + - DEN52-P1 X-Arequestid: - - 9e58b841e389843ef81eb21c4222b6d5 + - 1ce41d39aece41fe84b44e5ce0cc8d06 + X-Beta-Ratelimit-Limit: + - '200' + X-Beta-Ratelimit-Remaining: + - '199' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -506,32 +518,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -541,9 +553,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -553,12 +565,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 688e55f3-3299-470b-9150-2d0dc672cc34 + - 96839452-3336-4f57-8765-9c56c75eeac2 Atl-Traceid: - - 688e55f33299470b91502d0dc672cc34 + - 9683945233364f5787659c56c75eeac2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -568,7 +580,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:02 GMT + - Tue, 04 Nov 2025 18:02:06 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -578,7 +590,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=406,atl-edge;dur=404,atl-edge-internal;dur=15,atl-edge-upstream;dur=389,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="brH9xqsPkfS-JMNJkxvM4Eu8lhNhdl202zBRFUvZadcrq-TUP29tHA==",cdn-downstream-fbl;dur=410 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=280,atl-edge;dur=257,atl-edge-internal;dur=18,atl-edge-upstream;dur=240,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="0k39cfEPK8vpFSYLsBoMQwFrZviUH94jg3gHiPyLSBzhW3kDLCTrJg==",cdn-downstream-fbl;dur=284 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -588,15 +600,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f10eedb52fc0d82204e85d20112deafa.cloudfront.net (CloudFront) + - 1.1 f6327093dd59f54131617ea3ab04bd94.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - brH9xqsPkfS-JMNJkxvM4Eu8lhNhdl202zBRFUvZadcrq-TUP29tHA== + - 0k39cfEPK8vpFSYLsBoMQwFrZviUH94jg3gHiPyLSBzhW3kDLCTrJg== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P2 X-Arequestid: - - e7edb0b415127803592cbc45a7e5a4b5 + - ec452c2a04c8d88d082d8c4db2d5cb8d + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -620,32 +636,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -655,9 +671,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -667,12 +683,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 1a96f827-aca4-410c-9d88-cb4b590df03f + - 698ab61c-4988-460f-a848-47aafb0030f7 Atl-Traceid: - - 1a96f827aca4410c9d88cb4b590df03f + - 698ab61c4988460fa84847aafb0030f7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -682,7 +698,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:03 GMT + - Tue, 04 Nov 2025 18:02:06 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -692,7 +708,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=416,atl-edge;dur=414,atl-edge-internal;dur=15,atl-edge-upstream;dur=399,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="QYhhYlfMA88IBYFaanzvO1AzOkF3jK6afwEtjrUFo4rC49Y3yQSNuQ==",cdn-downstream-fbl;dur=420 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=401,atl-edge;dur=313,atl-edge-internal;dur=20,atl-edge-upstream;dur=292,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="vWi3EdHtOzg-Tp1ak4kNRPHt2UOn5LuhJDXy-eZFyqWiJUUWu76_Cw==",cdn-downstream-fbl;dur=406 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -702,15 +718,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0e61cdf08a154ac7d647c2dc742467a6.cloudfront.net (CloudFront) + - 1.1 5a94950aa5895e56460f82b3086d0b0c.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - QYhhYlfMA88IBYFaanzvO1AzOkF3jK6afwEtjrUFo4rC49Y3yQSNuQ== + - vWi3EdHtOzg-Tp1ak4kNRPHt2UOn5LuhJDXy-eZFyqWiJUUWu76_Cw== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P1 X-Arequestid: - - 5d9509d79ab893f6881f5000dc38a104 + - 9ff91c9d4335bf63a04a9a6dd144022c + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -734,17 +754,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:04.581+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:07.222+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - ea32309e-c226-4a0d-b73a-d960e218569d + - 70955815-9d28-48cf-90e9-669e3d4bc0a7 Atl-Traceid: - - ea32309ec2264a0db73ad960e218569d + - 709558159d2848cf90e9669e3d4bc0a7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -754,7 +774,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:04 GMT + - Tue, 04 Nov 2025 18:02:07 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -764,7 +784,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=325,atl-edge;dur=323,atl-edge-internal;dur=15,atl-edge-upstream;dur=308,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="iswaYNMh8YudWTH9CQuiAXVW5BQH16sonjXQLLCn_taBkBMCmwsSKw==",cdn-downstream-fbl;dur=329 + - cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="Qa9URLPaMa6ikMG2OW5Rg29O7Nnbx0ui3Bddg1weVHvUdq2vNauS9A==",cdn-downstream-fbl;dur=270,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=67,cdn-upstream-fbl;dur=267,atl-edge;dur=176,atl-edge-internal;dur=20,atl-edge-upstream;dur=155,atl-edge-pop;desc="aws-us-west-2" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -774,15 +794,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 74ae22067fef6f6228fb9f864f22f58a.cloudfront.net (CloudFront) + - 1.1 949f831c3bb70b840d7eecaeb220bbfa.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - iswaYNMh8YudWTH9CQuiAXVW5BQH16sonjXQLLCn_taBkBMCmwsSKw== + - Qa9URLPaMa6ikMG2OW5Rg29O7Nnbx0ui3Bddg1weVHvUdq2vNauS9A== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P3 X-Arequestid: - - e270fcc6792d3ffa51e7e8ad9e9c8d84 + - 42d62cd510d79b6ffb0403234017575a + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -806,32 +830,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -841,9 +865,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
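Review bot: The re-recorded response body in this hunk stores the recording account's `emailAddress`, `accountId` and gravatar avatar hash verbatim in the `creator` and `reporter` objects, and the header hunks that follow also keep the same account id under `X-Aaccountid`. None of these values appear to be needed for replay, so they should be replaced with constructed placeholders before the cassette is committed, e.g. `"emailAddress":"jira-user@example.invalid"` and `"accountId":"<ACCOUNT_ID>"`. The file looks like a recorded HTTP cassette, so the scrubbing belongs in the recorder configuration, which is not visible here. If that recorder is vcrpy, a `before_record_response` hook could rewrite the body and drop the `X-Aaccountid` header. The same applies to the issue body recorded in the earlier hunk and to the other header hunks in this file.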
@@ -853,12 +877,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - ae00100f-4d11-40e9-9932-15d9021e6759 + - fb011005-80a3-4d39-8537-813dddbd6615 Atl-Traceid: - - ae00100f4d1140e9993215d9021e6759 + - fb01100580a34d398537813dddbd6615 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -868,7 +892,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:06 GMT + - Tue, 04 Nov 2025 18:02:07 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -878,7 +902,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=420,atl-edge;dur=418,atl-edge-internal;dur=15,atl-edge-upstream;dur=403,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="bgetvlO4WpCinB-heDQIha0uuofhS5EorQlJE9ou15CELKr1QTCrjg==",cdn-downstream-fbl;dur=423 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=419,atl-edge;dur=331,atl-edge-internal;dur=21,atl-edge-upstream;dur=308,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="8vx7EoxVuI99a62P5Tr9aCsgWdh7eUfOB7jOs-9OtyVtTB-tPqHKsQ==",cdn-downstream-fbl;dur=423 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -888,15 +912,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 aebce22763fb7e32a807cd494884a9b4.cloudfront.net (CloudFront) + - 1.1 05fe6f95b77eb54d0691950915c27264.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - bgetvlO4WpCinB-heDQIha0uuofhS5EorQlJE9ou15CELKr1QTCrjg== + - 8vx7EoxVuI99a62P5Tr9aCsgWdh7eUfOB7jOs-9OtyVtTB-tPqHKsQ== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN52-P2 X-Arequestid: - - b39c817f7c2df536c188eac2e9f8726c + - 0faee4be973ae5ac859f02e5d753201d + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -920,17 +948,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:07.128+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:08.101+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 537537da-de60-458a-ac4b-eeb5dfbdf818 + - 3e93b632-404f-4c97-8b5e-e53e89385eb3 Atl-Traceid: - - 537537dade60458aac4beeb5dfbdf818 + - 3e93b632404f4c978b5ee53e89385eb3 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -940,7 +968,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:07 GMT + - Tue, 04 Nov 2025 18:02:08 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -950,7 +978,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=326,atl-edge;dur=323,atl-edge-internal;dur=16,atl-edge-upstream;dur=307,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="SiwlZ_K47ZgS_TQfpdkxeGBcmidrzFLppMLZ1O6VQrZAeiJNt_i62w==",cdn-downstream-fbl;dur=329 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=202,atl-edge;dur=177,atl-edge-internal;dur=16,atl-edge-upstream;dur=162,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="etpLicu7TQewaNacytUJJrOszSnNNDLK7WvjA_YA-cV4iTRd1ndbdw==",cdn-downstream-fbl;dur=206 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -960,15 +988,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 490b2d87256587a734fcd39d5d6c7392.cloudfront.net (CloudFront) + - 1.1 ba437ea2340585e48bd8901315998164.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - SiwlZ_K47ZgS_TQfpdkxeGBcmidrzFLppMLZ1O6VQrZAeiJNt_i62w== + - etpLicu7TQewaNacytUJJrOszSnNNDLK7WvjA_YA-cV4iTRd1ndbdw== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P2 X-Arequestid: - - aabd7033d76f62ed7a5419ff8d04a289 + - c57807bdcb2be629f110daeee436bb9a + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -992,32 +1024,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1027,9 +1059,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1039,12 +1071,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 7702705d-9d33-4baf-9ece-59fc4749fcd1 + - acb193c1-a63a-4ad8-906e-c872eb0eafa9 Atl-Traceid: - - 7702705d9d334baf9ece59fc4749fcd1 + - acb193c1a63a4ad8906ec872eb0eafa9 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1054,7 +1086,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:08 GMT + - Tue, 04 Nov 2025 18:02:08 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1064,7 +1096,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=410,atl-edge;dur=409,atl-edge-internal;dur=15,atl-edge-upstream;dur=394,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="GjkZNDPUB0D2uY39X0UH-2FysELkAuiNFnN8WHIYURAWumMzxTwUbg==",cdn-downstream-fbl;dur=414 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=512,atl-edge;dur=420,atl-edge-internal;dur=17,atl-edge-upstream;dur=400,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="Cc5h3Hl1bFI6KVrRPSVLXFG78TNyB1Mo3IfEMiKwiVqQpwgL1ekbug==",cdn-downstream-fbl;dur=515 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1074,15 +1106,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 903696f43fdfc4019d7102b6711e9fca.cloudfront.net (CloudFront) + - 1.1 38eee5097e81ef860ba8d4b144d6ea36.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - GjkZNDPUB0D2uY39X0UH-2FysELkAuiNFnN8WHIYURAWumMzxTwUbg== + - Cc5h3Hl1bFI6KVrRPSVLXFG78TNyB1Mo3IfEMiKwiVqQpwgL1ekbug== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P2 X-Arequestid: - - 785d746ed3b15ff24479c5dd7c6bec74 + - dd075a25136f284c01fa591892a8c618 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '396' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -1106,7 +1142,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -1120,9 +1156,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - e1b066b2-c949-4acc-82ed-0c487d9ec2f4 + - 0b828255-2c3d-4429-b94f-a2a8529253f1 Atl-Traceid: - - e1b066b2c9494acc82ed0c487d9ec2f4 + - 0b8282552c3d4429b94fa2a8529253f1 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1132,7 +1168,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:09 GMT + - Tue, 04 Nov 2025 18:02:09 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1142,7 +1178,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=476,atl-edge;dur=473,atl-edge-internal;dur=18,atl-edge-upstream;dur=456,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="igD7knl5DbuQ5ZfHiFTeeiisYeMlDdQOoONo6UI1z_cCPXBGylTEyA==",cdn-downstream-fbl;dur=480 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=456,atl-edge;dur=366,atl-edge-internal;dur=19,atl-edge-upstream;dur=346,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="SYgu4cfSX83fpR2L6ikLwZgVbmPxx8DWaN23u1pJ3jQkBs93fJ4rHQ==",cdn-downstream-fbl;dur=461 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1152,18 +1188,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0462a83c1b4a9fa5a2554db6feb3a19c.cloudfront.net (CloudFront) + - 1.1 89771419757f75b08f6c8fd411f8ef54.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - igD7knl5DbuQ5ZfHiFTeeiisYeMlDdQOoONo6UI1z_cCPXBGylTEyA== + - SYgu4cfSX83fpR2L6ikLwZgVbmPxx8DWaN23u1pJ3jQkBs93fJ4rHQ== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P1 X-Arequestid: - - 12b5a3b051873b10044beee8f7c093ae + - 946843fc13402b91740f85fc0d144693 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1177,20 +1217,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified and + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1200,9 +1240,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1222,21 +1262,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3554' + - '3552' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - 64604dff-de45-4e77-bb48-a55ab83f3408 + - 1b62f2cc-df65-4434-b86c-65327d48692c Atl-Traceid: - - 64604dffde454e77bb48a55ab83f3408 + - 1b62f2ccdf654434b86c65327d48692c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1244,7 +1284,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:11 GMT + - Tue, 04 Nov 2025 18:02:09 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1254,7 +1294,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=489,atl-edge;dur=482,atl-edge-internal;dur=14,atl-edge-upstream;dur=468,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="JdwyDugc3eQLpH6fm9nCuvuWXXpt4CIzYCs20pxu0oTxfN6-JyUubQ==",cdn-downstream-fbl;dur=492 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=435,atl-edge;dur=409,atl-edge-internal;dur=17,atl-edge-upstream;dur=392,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="pkPSgUhZnEDVvSzTho9jSU3DkHyXp5Qk0olAlRnMksJcU_Wv0CL-3Q==",cdn-downstream-fbl;dur=439 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1262,15 +1302,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 de78b5b2f4bbd9bb1abd6bed27a85d78.cloudfront.net (CloudFront) + - 1.1 708370555615eac6a25379c04fbdd8ea.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - JdwyDugc3eQLpH6fm9nCuvuWXXpt4CIzYCs20pxu0oTxfN6-JyUubQ== + - pkPSgUhZnEDVvSzTho9jSU3DkHyXp5Qk0olAlRnMksJcU_Wv0CL-3Q== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P3 X-Arequestid: - - 0e0fd4a41d509e65190567a369b3d2f8 + - be8eb4961a4102d8ade8937be8e4b8f6 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1294,32 +1338,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1329,9 +1373,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1341,12 +1385,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - aeb3ebbc-ad55-4022-ac2e-78ea464a916a + - 4c02c32a-927c-46ac-b551-1ac15ac5f1bc Atl-Traceid: - - aeb3ebbcad554022ac2e78ea464a916a + - 4c02c32a927c46acb5511ac15ac5f1bc Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1356,7 +1400,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:13 GMT + - Tue, 04 Nov 2025 18:02:10 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1366,7 +1410,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=912,atl-edge;dur=910,atl-edge-internal;dur=14,atl-edge-upstream;dur=896,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="7XHZZP5H0xBAkolpWjvQ9kfqQYYIxMGSsdU4QP3U7K7g9fvkTSu2SA==",cdn-downstream-fbl;dur=916 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=307,atl-edge;dur=283,atl-edge-internal;dur=19,atl-edge-upstream;dur=263,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="limXlHkur7WkBoc__dXe5Z7lMUJXTEvbQsB-cjBcViHkB8Pnf9J2XA==",cdn-downstream-fbl;dur=310 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1376,15 +1420,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e3d6764a647541ed814ff5842b8b1476.cloudfront.net (CloudFront) + - 1.1 76f2e1e449c547c66904d58101f10ea6.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 7XHZZP5H0xBAkolpWjvQ9kfqQYYIxMGSsdU4QP3U7K7g9fvkTSu2SA== + - limXlHkur7WkBoc__dXe5Z7lMUJXTEvbQsB-cjBcViHkB8Pnf9J2XA== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P2 X-Arequestid: - - 126a2cfadcb8fce8b755f69b40e68012 + - 531933026dbce014e7494f0296ce64df + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1408,17 +1456,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:14.239+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:10.471+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 44087460-6f19-49f2-99b5-bde754b78559 + - 22ded4a6-f69f-47ef-ab07-3196ad878fb3 Atl-Traceid: - - 440874606f1949f299b5bde754b78559 + - 22ded4a6f69f47efab073196ad878fb3 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1428,7 +1476,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:14 GMT + - Tue, 04 Nov 2025 18:02:10 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1438,7 +1486,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=341,atl-edge;dur=339,atl-edge-internal;dur=13,atl-edge-upstream;dur=326,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="26edOcy7Kxo0DyMfI9EUcHRgupdK4HKkmjm2DohsqEoH7900YiC9ug==",cdn-downstream-fbl;dur=345 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=213,atl-edge;dur=190,atl-edge-internal;dur=17,atl-edge-upstream;dur=173,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="hreyU7MUxxAXKkDe_ZyotpsDIUFD2mCeMLKLsiI-g882Ythw-xmQJw==",cdn-downstream-fbl;dur=217 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1448,15 +1496,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 237cbfb8cde372b8f33bda5565e9b52c.cloudfront.net (CloudFront) + - 1.1 b86386058101394cf48b049b58f8d788.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 26edOcy7Kxo0DyMfI9EUcHRgupdK4HKkmjm2DohsqEoH7900YiC9ug== + - hreyU7MUxxAXKkDe_ZyotpsDIUFD2mCeMLKLsiI-g882Ythw-xmQJw== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P1 X-Arequestid: - - 4145c4e9c8c75a255f7163541629a4c0 + - 8402396b323202bf7f468f30dc19b8bc + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1480,32 +1532,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1515,9 +1567,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1527,12 +1579,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 3da11bd3-a8aa-4b1e-961d-5d6a4ef1b8ad + - eb2e2e11-5982-4940-90a2-008f1c3c2118 Atl-Traceid: - - 3da11bd3a8aa4b1e961d5d6a4ef1b8ad + - eb2e2e115982494090a2008f1c3c2118 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1542,7 +1594,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:15 GMT + - Tue, 04 Nov 2025 18:02:10 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1552,7 +1604,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=408,atl-edge;dur=406,atl-edge-internal;dur=15,atl-edge-upstream;dur=391,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="GJ1_LXZe2jcn2sAWqNq6nOhGBiFv7Lwbp49upI5EyXAtmI0IR3hPzw==",cdn-downstream-fbl;dur=413 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=337,atl-edge;dur=314,atl-edge-internal;dur=33,atl-edge-upstream;dur=278,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="UTGgSNcbBEZ9gXBOrJFZpWjFi-FCeAaLxs0caWpPW2OScGY8fzkJrQ==",cdn-downstream-fbl;dur=341 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1562,15 +1614,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 30a845a852b74a2965aabbcb6034301e.cloudfront.net (CloudFront) + - 1.1 77dfdef79344c95f75de8512042d4bac.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - GJ1_LXZe2jcn2sAWqNq6nOhGBiFv7Lwbp49upI5EyXAtmI0IR3hPzw== + - UTGgSNcbBEZ9gXBOrJFZpWjFi-FCeAaLxs0caWpPW2OScGY8fzkJrQ== X-Amz-Cf-Pop: - - SYD3-P2 + - DEN53-P1 X-Arequestid: - - 5d52321a767cb4de97d53a23c73f19ac + - 598e1c541f46b55e14ff1d61b301538f + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1594,17 +1650,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:16.721+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:11.127+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 385a7b5f-a896-46ea-861f-30162f3a67d7 + - 12aafee7-dbee-4176-9d25-3b5f6c24c890 Atl-Traceid: - - 385a7b5fa89646ea861f30162f3a67d7 + - 12aafee7dbee41769d253b5f6c24c890 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1614,7 +1670,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:16 GMT + - Tue, 04 Nov 2025 18:02:11 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1624,7 +1680,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=322,atl-edge;dur=320,atl-edge-internal;dur=13,atl-edge-upstream;dur=306,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="iGMFuHs3UcPPfcXVeuZOSQKlyIpjMb3IbpIngT6jpypm5nloql_PoA==",cdn-downstream-fbl;dur=325 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=208,atl-edge;dur=185,atl-edge-internal;dur=15,atl-edge-upstream;dur=168,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="_svgmad-2g87POgHOFQA_8eWqA5tfzydFB8_JkkOl9ux0Q-34y3OjA==",cdn-downstream-fbl;dur=211 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1634,15 +1690,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront) + - 1.1 b93403e5b15ed21bc6e80b8108e9d988.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - iGMFuHs3UcPPfcXVeuZOSQKlyIpjMb3IbpIngT6jpypm5nloql_PoA== + - _svgmad-2g87POgHOFQA_8eWqA5tfzydFB8_JkkOl9ux0Q-34y3OjA== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P3 X-Arequestid: - - d501984a1f5c179f63b570c8cff6aff9 + - 52936e1b6d5a4a947debcbeef38be0ea + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1666,32 +1726,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1701,9 +1761,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1713,12 +1773,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 4d3525f2-cfba-40aa-8487-414ba066e229 + - bdb80fe7-822d-4055-8cf4-79b2a6a048ed Atl-Traceid: - - 4d3525f2cfba40aa8487414ba066e229 + - bdb80fe7822d40558cf479b2a6a048ed Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1728,7 +1788,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:18 GMT + - Tue, 04 Nov 2025 18:02:11 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1738,7 +1798,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=416,atl-edge;dur=414,atl-edge-internal;dur=15,atl-edge-upstream;dur=399,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="hVJwmez2KjuGpj1j-tmMhS0L_kAl6bMq7WZYKBvwWqG-8Ca55801Pw==",cdn-downstream-fbl;dur=421 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=306,atl-edge;dur=283,atl-edge-internal;dur=20,atl-edge-upstream;dur=263,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="bfc6kJYAadYp7um0y2GJYsSrrBUBQxPUIYhtfO4E9sEaAs36Ts9M_Q==",cdn-downstream-fbl;dur=310 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1748,15 +1808,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 df166554184adf2da43f53000107ac74.cloudfront.net (CloudFront) + - 1.1 66fbb9efab6146079af1497f336edf9e.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - hVJwmez2KjuGpj1j-tmMhS0L_kAl6bMq7WZYKBvwWqG-8Ca55801Pw== + - bfc6kJYAadYp7um0y2GJYsSrrBUBQxPUIYhtfO4E9sEaAs36Ts9M_Q== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P3 X-Arequestid: - - a7598c5300d79123926b88c4dab487ca + - 7d73a15af779a11b3d3b75d217ad163c + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1780,17 +1844,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:19.275+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:12.083+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 1bd2d2c7-b0f5-4c28-a1ef-35147d370824 + - d0276e3b-06fb-4b2c-a97c-7cb59d11d3e1 Atl-Traceid: - - 1bd2d2c7b0f54c28a1ef35147d370824 + - d0276e3b06fb4b2ca97c7cb59d11d3e1 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1800,7 +1864,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:19 GMT + - Tue, 04 Nov 2025 18:02:12 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1810,7 +1874,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=321,atl-edge;dur=319,atl-edge-internal;dur=14,atl-edge-upstream;dur=306,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="-sdZnGVD8REvkTR7KNeUEeB4BSBZlEUUfHbgJ8sojFxoz8ZDK_-zIQ==",cdn-downstream-fbl;dur=326 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=499,atl-edge;dur=410,atl-edge-internal;dur=19,atl-edge-upstream;dur=390,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="tIKRicT5RfAyIWF7PXHG8sRuaA_osVKZZ0KCu7taydD0uT0RLKQ94w==",cdn-downstream-fbl;dur=504 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1820,15 +1884,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1d3e75fe2262e8a6f4a318b2bf3e6570.cloudfront.net (CloudFront) + - 1.1 93a2323067b2c60f3b86c822765cf3d2.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - -sdZnGVD8REvkTR7KNeUEeB4BSBZlEUUfHbgJ8sojFxoz8ZDK_-zIQ== + - tIKRicT5RfAyIWF7PXHG8sRuaA_osVKZZ0KCu7taydD0uT0RLKQ94w== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P3 X-Arequestid: - - 8eb4360214015ef34f88a0734f4ab22b + - f805233f74018ed4e5cc5b5b7ad65133 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '347' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1852,32 +1920,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1887,9 +1955,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1899,12 +1967,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - a11e7b22-1506-4f68-b366-60cc50e7625f + - 59d3740d-9752-4be3-9634-0bd5846bc0b8 Atl-Traceid: - - a11e7b2215064f68b36660cc50e7625f + - 59d3740d97524be396340bd5846bc0b8 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1914,7 +1982,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:20 GMT + - Tue, 04 Nov 2025 18:02:12 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1924,7 +1992,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=425,atl-edge;dur=422,atl-edge-internal;dur=16,atl-edge-upstream;dur=406,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="0y1t7sSdxZsdjd27ph58eUlxzNXWdCFkLtCrdFZ_v-nx2S-E-xO-ug==",cdn-downstream-fbl;dur=428 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=371,atl-edge;dur=282,atl-edge-internal;dur=18,atl-edge-upstream;dur=262,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="xFq9uPMG9CRshuqmTO_vuiDuItFsogLXAV-C2PAqci9nA2gcZl1uzw==",cdn-downstream-fbl;dur=375 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1934,15 +2002,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 fbd92e37686376c632f471bbca198756.cloudfront.net (CloudFront) + - 1.1 3349382fe72101eee491170c132b7e3c.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 0y1t7sSdxZsdjd27ph58eUlxzNXWdCFkLtCrdFZ_v-nx2S-E-xO-ug== + - xFq9uPMG9CRshuqmTO_vuiDuItFsogLXAV-C2PAqci9nA2gcZl1uzw== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P2 X-Arequestid: - - 03cc010086db094fa891f5284c58be24 + - 9e2b1a834627751bcce4a3515ab37072 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -1966,7 +2038,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -1980,9 +2052,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - c09de42c-7ecc-4d01-ac0b-683f990b7128 + - cafbc97b-52fb-4e81-8877-4b260e9a9749 Atl-Traceid: - - c09de42c7ecc4d01ac0b683f990b7128 + - cafbc97b52fb4e8188774b260e9a9749 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1992,7 +2064,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:22 GMT + - Tue, 04 Nov 2025 18:02:13 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2002,7 +2074,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=476,atl-edge;dur=475,atl-edge-internal;dur=13,atl-edge-upstream;dur=461,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="mAL0n6QKIMQbz5GD_TXUITcWeJ7LVTa623bo2f3sl6Zz5LpxO_0Gkg==",cdn-downstream-fbl;dur=480 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=527,atl-edge;dur=437,atl-edge-internal;dur=18,atl-edge-upstream;dur=419,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="xkl-rAU1Om3tF4GT58NRciQiHy4DFZJFh_5kJ_JCDOCy8J_cqG6JGw==",cdn-downstream-fbl;dur=532 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2012,18 +2084,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5e473a5e64c6a2f7bc916721cc188252.cloudfront.net (CloudFront) + - 1.1 73ad00d68a5eb9671b517ae19c83ae52.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - mAL0n6QKIMQbz5GD_TXUITcWeJ7LVTa623bo2f3sl6Zz5LpxO_0Gkg== + - xkl-rAU1Om3tF4GT58NRciQiHy4DFZJFh_5kJ_JCDOCy8J_cqG6JGw== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P3 X-Arequestid: - - 0f840bcf24ad92eeb2bf4feb169f09c8 + - e5e3222a3cfcd273504ab373d6c94703 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2037,20 +2113,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified and + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2060,9 +2136,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2082,21 +2158,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3554' + - '3552' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - b1780642-f400-40a0-bf64-e32312a96e7f + - 66d8b50b-2e60-4ae5-b631-8142958d28eb Atl-Traceid: - - b1780642f40040a0bf64e32312a96e7f + - 66d8b50b2e604ae5b6318142958d28eb Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2104,7 +2180,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:23 GMT + - Tue, 04 Nov 2025 18:02:13 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2114,7 +2190,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=500,atl-edge;dur=499,atl-edge-internal;dur=14,atl-edge-upstream;dur=484,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="yHVc2YXatcUeiDtzFIRWHyZpAssPQTkkQ30rpbqixd68PfLs3Z-1Vw==",cdn-downstream-fbl;dur=505 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=393,atl-edge;dur=368,atl-edge-internal;dur=18,atl-edge-upstream;dur=350,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="EW4e3c6E25wWQjSlzbFn5GdaTZGWtIddAqyc4QfQFDZjmij7nH0Mkw==",cdn-downstream-fbl;dur=399 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2122,15 +2198,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c7cd0041811f30bfd9c4a00e82b6a3c8.cloudfront.net (CloudFront) + - 1.1 25c0c572fef0588285c0d89bc75071be.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - yHVc2YXatcUeiDtzFIRWHyZpAssPQTkkQ30rpbqixd68PfLs3Z-1Vw== + - EW4e3c6E25wWQjSlzbFn5GdaTZGWtIddAqyc4QfQFDZjmij7nH0Mkw== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P2 X-Arequestid: - - 346ddea5a2724d932e384246a0bd8cd1 + - dc66bb1bf21005c8f9d7345f28888df8 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2154,32 +2234,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2189,9 +2269,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2201,12 +2281,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 734a9b45-56be-4d2d-a7f2-6f4c8b0c4373 + - 0aa75647-dc46-4f8c-b999-89f1ed7950e2 Atl-Traceid: - - 734a9b4556be4d2da7f26f4c8b0c4373 + - 0aa75647dc464f8cb99989f1ed7950e2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2216,7 +2296,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:24 GMT + - Tue, 04 Nov 2025 18:02:14 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2226,7 +2306,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=409,atl-edge;dur=406,atl-edge-internal;dur=14,atl-edge-upstream;dur=392,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="qosadCarX-6YHbcDTlnseU0M5nyf0G-SQdZQ8Nxp8SKhlkSwGoZuwg==",cdn-downstream-fbl;dur=412 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=471,atl-edge;dur=380,atl-edge-internal;dur=21,atl-edge-upstream;dur=359,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="lDDyxIeawTp0JNd1mxgqAQPS9NWCu9LafnFb2EcPN0F-CjiiHxSTuQ==",cdn-downstream-fbl;dur=474 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2236,15 +2316,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 7bda591fa44b42ef6384ae955fdd5d7c.cloudfront.net (CloudFront) + - 1.1 c29cc996206d7483aa0efdd00191d936.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - qosadCarX-6YHbcDTlnseU0M5nyf0G-SQdZQ8Nxp8SKhlkSwGoZuwg== + - lDDyxIeawTp0JNd1mxgqAQPS9NWCu9LafnFb2EcPN0F-CjiiHxSTuQ== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P1 X-Arequestid: - - c13b6667dc3c1cba83a18bb106e14fd8 + - 20be13273370706533068faf479a6a7f + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2268,17 +2352,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:25.880+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:14.438+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - dc93a941-b162-4ad7-8444-a10a6e89dbe0 + - ff86994c-3756-404b-a894-11ee1fcd0b5a Atl-Traceid: - - dc93a941b1624ad78444a10a6e89dbe0 + - ff86994c3756404ba89411ee1fcd0b5a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2288,7 +2372,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:26 GMT + - Tue, 04 Nov 2025 18:02:14 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2298,7 +2382,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=316,atl-edge;dur=314,atl-edge-internal;dur=14,atl-edge-upstream;dur=300,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="eMnihDSSW0z_Y93Q4hhhyB3jTqdSZNrsEyZC72vswzNqcdEKikTlJA==",cdn-downstream-fbl;dur=319 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=197,atl-edge;dur=174,atl-edge-internal;dur=14,atl-edge-upstream;dur=160,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="AM7_bpFecKj_cGFzk9tVe6NWJqkc2v00rXUInWnZZmXlXFuJxy2uBQ==",cdn-downstream-fbl;dur=200 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2308,15 +2392,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e3b6a2cc8a3456f4a2dc3bfd506c4344.cloudfront.net (CloudFront) + - 1.1 0ecc9d4faf14441bafb84971a4117abc.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - eMnihDSSW0z_Y93Q4hhhyB3jTqdSZNrsEyZC72vswzNqcdEKikTlJA== + - AM7_bpFecKj_cGFzk9tVe6NWJqkc2v00rXUInWnZZmXlXFuJxy2uBQ== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P2 X-Arequestid: - - 5c6280e3c2d23adb4d779cea49403270 + - 33c13ab7c3c77c36ed590668cb5e2b5e + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2340,32 +2428,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2375,9 +2463,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2387,12 +2475,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - fcb574a4-8cf4-4875-a147-dfa682e4546e + - 9f81f68a-63bc-4ec4-ac0c-db8cda2b9aa4 Atl-Traceid: - - fcb574a48cf44875a147dfa682e4546e + - 9f81f68a63bc4ec4ac0cdb8cda2b9aa4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2402,7 +2490,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:27 GMT + - Tue, 04 Nov 2025 18:02:14 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2412,7 +2500,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=413,atl-edge;dur=411,atl-edge-internal;dur=17,atl-edge-upstream;dur=394,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="OD5dm0zurXC1ovFJVWDSjBg4Sb_DgnHJCnuYba2aJ04Op8BPaKjXvw==",cdn-downstream-fbl;dur=417 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=283,atl-edge;dur=260,atl-edge-internal;dur=17,atl-edge-upstream;dur=243,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="mxSqW12DlFC89a7I2k6p5GVBTzi_gzgElTc55OAe_yrDf0bJ7kNoRg==",cdn-downstream-fbl;dur=286 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2422,15 +2510,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2e2023905a055fb3a137d4ecfec97d0e.cloudfront.net (CloudFront) + - 1.1 e559b1049f75d818d7420cfc59459998.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - OD5dm0zurXC1ovFJVWDSjBg4Sb_DgnHJCnuYba2aJ04Op8BPaKjXvw== + - mxSqW12DlFC89a7I2k6p5GVBTzi_gzgElTc55OAe_yrDf0bJ7kNoRg== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN52-P3 X-Arequestid: - - c2d455820b036c618863764a91c098fc + - 5491a4ea21bc0e72852d4e8a1660e400 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
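Review bot: The re-recorded cassette stores the recording account's identifiers verbatim: the `X-Aaccountid` response header in the `@@ -2422,15 +2510,19 @@` hunk now holds `5d3878b170e3c90c952f91f6`, and the response body in the `@@ -2526,32 +2622,32 @@` hunk carries the same `accountId` next to `"emailAddress":"cody@defectdojo.com"`; the later header hunks (`-2586`, `-2704`, `-2786`) repeat the header. The removed lines show the previous recording exposed a different maintainer's account and e-mail in the same places, so every re-record commits another person's data to the repository. Nothing visible in these hunks suggests the tests assert on these values, so they could be normalised at record time to a fixed placeholder such as `"emailAddress":"jira-user@example.com"`, with `X-Aaccountid` dropped from the stored response headers. If this is a vcrpy cassette, a `before_record_response` hook is the usual place for that scrubbing; the recorder configuration is outside this diff, so confirm where it lives.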
@@ -2454,17 +2546,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:28.391+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:15.099+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - f6d0f9d2-4590-48bc-8152-5d72931592f5 + - ab5c19f2-16c2-4c4a-8bef-0e4bd5f0719a Atl-Traceid: - - f6d0f9d2459048bc81525d72931592f5 + - ab5c19f216c24c4a8bef0e4bd5f0719a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2474,7 +2566,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:28 GMT + - Tue, 04 Nov 2025 18:02:15 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2484,7 +2576,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=322,atl-edge;dur=320,atl-edge-internal;dur=15,atl-edge-upstream;dur=305,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="6V9qSafzz2JZ_5MC_TSdvZachXKXEleWpWPk-Kdyu4uHzuaj3_uwFg==",cdn-downstream-fbl;dur=325 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=205,atl-edge;dur=182,atl-edge-internal;dur=15,atl-edge-upstream;dur=167,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="_C-cobHnZPjJdN97SBe43TbJtulZGq1NoCA6tyYlc8P0Xx5m04PPog==",cdn-downstream-fbl;dur=211 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2494,15 +2586,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8e52b0323db9e9f5baf300137747fffe.cloudfront.net (CloudFront) + - 1.1 c4c8de00fdd2495cb82daf882e1daacc.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 6V9qSafzz2JZ_5MC_TSdvZachXKXEleWpWPk-Kdyu4uHzuaj3_uwFg== + - _C-cobHnZPjJdN97SBe43TbJtulZGq1NoCA6tyYlc8P0Xx5m04PPog== X-Amz-Cf-Pop: - - SYD3-P2 + - DEN52-P1 X-Arequestid: - - d0c31fec74eb6012ad421e1fd7220d86 + - ae16cde63bccd1666904484014632824 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2526,32 +2622,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2561,9 +2657,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2573,12 +2669,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 281b6a44-f73b-4cd6-a2ab-14d397818fb5 + - 950d72e6-9fba-4ce9-a7c7-ebad308373e5 Atl-Traceid: - - 281b6a44f73b4cd6a2ab14d397818fb5 + - 950d72e69fba4ce9a7c7ebad308373e5 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2588,7 +2684,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:29 GMT + - Tue, 04 Nov 2025 18:02:15 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2598,7 +2694,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=409,atl-edge;dur=407,atl-edge-internal;dur=16,atl-edge-upstream;dur=391,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="ndnWYuJlAkvSOtk796Qd4dgBoMMJCu-wWtTD8WRZKYp4Q82aUNNhDw==",cdn-downstream-fbl;dur=413 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=326,atl-edge;dur=301,atl-edge-internal;dur=19,atl-edge-upstream;dur=284,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="y419r0ZO3D26d1K3DbwKJsCpb5C912VYELwPgA699f-dvjXrAb96Zg==",cdn-downstream-fbl;dur=330 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2608,15 +2704,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 fda8cdb1c5d1bc3e2d4cabe818dc8c5e.cloudfront.net (CloudFront) + - 1.1 befcfd7ee847a3c890471f27612dbcde.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - ndnWYuJlAkvSOtk796Qd4dgBoMMJCu-wWtTD8WRZKYp4Q82aUNNhDw== + - y419r0ZO3D26d1K3DbwKJsCpb5C912VYELwPgA699f-dvjXrAb96Zg== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN52-P2 X-Arequestid: - - d5c02579ee062455e12c375dc79414ac + - f4a8afa1f9023254d97fb72e5de75313 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -2640,7 +2740,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -2654,9 +2754,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - d5b1587d-7ace-418f-b294-0f1fe7f3df2d + - 4215d28c-ff83-4677-97e2-84339612aa0f Atl-Traceid: - - d5b1587d7ace418fb2940f1fe7f3df2d + - 4215d28cff83467797e284339612aa0f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2666,7 +2766,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:31 GMT + - Tue, 04 Nov 2025 18:02:16 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2676,7 +2776,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=488,atl-edge;dur=487,atl-edge-internal;dur=15,atl-edge-upstream;dur=471,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="Qsl1LryFgTTEhbX0fkWg4mVTCE-WFajBRreMA73pR1ry4AmrBdzRRA==",cdn-downstream-fbl;dur=493 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=419,atl-edge;dur=396,atl-edge-internal;dur=17,atl-edge-upstream;dur=380,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="KwMEjf_fhEUoSol06_7ER4Jy2ef0-xbJPj2H1m4kUSJwOGKrNei1wQ==",cdn-downstream-fbl;dur=423 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2686,18 +2786,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 701510d744831cda18c48da0cb099172.cloudfront.net (CloudFront) + - 1.1 e1dbbcedf936fc7d0284466c9c65e78c.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - Qsl1LryFgTTEhbX0fkWg4mVTCE-WFajBRreMA73pR1ry4AmrBdzRRA== + - KwMEjf_fhEUoSol06_7ER4Jy2ef0-xbJPj2H1m4kUSJwOGKrNei1wQ== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P3 X-Arequestid: - - 79b57d98774ca76e8aed5132794cc751 + - 6daa4f5587e93f1590f81650f6519cb7 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2711,20 +2815,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* Medium\n *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* Medium\n *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2734,9 +2838,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2756,21 +2860,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3562' + - '3560' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - b9bc77b1-9d5a-4b61-bf23-5df81cfd6ad3 + - 07301fee-2f2c-4b77-a529-6cc8f69e956b Atl-Traceid: - - b9bc77b19d5a4b61bf235df81cfd6ad3 + - 07301fee2f2c4b77a5296cc8f69e956b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2778,7 +2882,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:32 GMT + - Tue, 04 Nov 2025 18:02:16 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2788,7 +2892,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=680,atl-edge;dur=677,atl-edge-internal;dur=14,atl-edge-upstream;dur=663,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="IAkFhJMfHqlEN9qXXNnM2cL6dJMnoRCVfLSdUTXO1DX952mRXR2upA==",cdn-downstream-fbl;dur=691 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=603,atl-edge;dur=579,atl-edge-internal;dur=20,atl-edge-upstream;dur=558,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="cMir0zB98cXT5Kw12uXTy0IGSFjprWY-1wH64dAXYQ43ndOTkAA_1A==",cdn-downstream-fbl;dur=608 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2796,15 +2900,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0cd8fe15d9bdb168de9cd5f22954d220.cloudfront.net (CloudFront) + - 1.1 6d3c3e0af3263a7b3c6878f2fa9bbff6.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - IAkFhJMfHqlEN9qXXNnM2cL6dJMnoRCVfLSdUTXO1DX952mRXR2upA== + - cMir0zB98cXT5Kw12uXTy0IGSFjprWY-1wH64dAXYQ43ndOTkAA_1A== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P1 X-Arequestid: - - 119612430dcd24c162b92685a4ec4318 + - 068a2f7c30152724a73a3fddd724dc51 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2828,32 +2936,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:32.402+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:16.604+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* Medium\n *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* Medium\n *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2863,9 +2971,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
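Review bot: The re-recorded response body for `GET /rest/api/2/issue/23615` still commits the recording account's `emailAddress`, `accountId`, `displayName` and Gravatar hash under both `creator` and `reporter`; the re-record only swaps one real identity for another. The `X-Aaccountid` response header repeats the same account id in the header hunks at `@@ -2686`, `@@ -2796`, `@@ -2910` and `@@ -2982`. None of these values look necessary for the assertions a Jira push test would make, so they are better scrubbed at record time than kept in the repository history. If the cassette is written by vcrpy (the `interactions:` layout suggests so), a `before_record_response` hook could replace those JSON fields and drop `X-Aaccountid` before the file is written, e.g. `before_record_response=scrub_jira_identity` (hook name is a suggestion, not an existing helper). The JSON body string continues past this hunk, so the same fields may appear in lines not shown here.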
@@ -2875,12 +2983,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 4cf28357-92f9-4b5b-ab05-8d67338a38c5 + - 1c5583e2-783a-4932-84d0-937b91403c25 Atl-Traceid: - - 4cf2835792f94b5bab058d67338a38c5 + - 1c5583e2783a493284d0937b91403c25 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2890,7 +2998,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:34 GMT + - Tue, 04 Nov 2025 18:02:17 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2900,7 +3008,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=402,atl-edge;dur=399,atl-edge-internal;dur=17,atl-edge-upstream;dur=382,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="ASfVHl7h8A7GaM9GiXANv7kdDV-O08KP2s3GB_jn4p4A8cSpZiVHCA==",cdn-downstream-fbl;dur=407 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=361,atl-edge;dur=339,atl-edge-internal;dur=19,atl-edge-upstream;dur=320,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="WWmdLWach6_EiC-NpRc-2C74nLCAvT44B6eeqQVngEMx87hrJ_bEig==",cdn-downstream-fbl;dur=365 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2910,15 +3018,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1d3e75fe2262e8a6f4a318b2bf3e6570.cloudfront.net (CloudFront) + - 1.1 057707d7f80ca305efe5fad72e15b94c.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - ASfVHl7h8A7GaM9GiXANv7kdDV-O08KP2s3GB_jn4p4A8cSpZiVHCA== + - WWmdLWach6_EiC-NpRc-2C74nLCAvT44B6eeqQVngEMx87hrJ_bEig== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P3 X-Arequestid: - - 5fc80e61bbe0f7c058d67823d7f7c34d + - e0fe52aab773bd8dca6281eb92a39c6e + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2942,17 +3054,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:35.110+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:17.647+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 76c7ea07-0390-47fd-a585-d383b1c3173f + - b0e4bd09-950b-4154-bfce-7a7a32a9b180 Atl-Traceid: - - 76c7ea07039047fda585d383b1c3173f + - b0e4bd09950b4154bfce7a7a32a9b180 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2962,7 +3074,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:35 GMT + - Tue, 04 Nov 2025 18:02:17 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2972,7 +3084,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=326,atl-edge;dur=324,atl-edge-internal;dur=15,atl-edge-upstream;dur=309,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="HzpdwHAqNA7_ms-Agdeqbpb1TubqGM3XTDUqlOvZlvwc3UhdLQy2Og==",cdn-downstream-fbl;dur=329 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=200,atl-edge;dur=176,atl-edge-internal;dur=15,atl-edge-upstream;dur=161,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="0teRSuD506uDmqmqcjG8litU-FyYD0nMf4Tmwo82TFEQhxcGoQJnvg==",cdn-downstream-fbl;dur=203 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2982,15 +3094,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 053b1a4cfd9215b4abb8a58ea35b06aa.cloudfront.net (CloudFront) + - 1.1 153b67ebb1db442b5cea7f360e7f8cb6.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - HzpdwHAqNA7_ms-Agdeqbpb1TubqGM3XTDUqlOvZlvwc3UhdLQy2Og== + - 0teRSuD506uDmqmqcjG8litU-FyYD0nMf4Tmwo82TFEQhxcGoQJnvg== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P1 X-Arequestid: - - d024df9f5d8436ed832241235b603540 + - 01969eb5a814b88e679421007835b28b + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3014,32 +3130,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:32.402+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:16.604+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* Medium\n *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* Medium\n *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -3049,9 +3165,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3061,12 +3177,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - d73f340a-460e-47b9-877d-97bd949dd61e + - 9287b432-8a6b-477c-8bda-04e776059298 Atl-Traceid: - - d73f340a460e47b9877d97bd949dd61e + - 9287b4328a6b477c8bda04e776059298 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3076,7 +3192,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:36 GMT + - Tue, 04 Nov 2025 18:02:18 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3086,7 +3202,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=413,atl-edge;dur=411,atl-edge-internal;dur=14,atl-edge-upstream;dur=396,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="N7d577kMY-kZmHs3RLsrOTjA8Z3AVOQTKaI7nj8qwtTff7ckQJmL6w==",cdn-downstream-fbl;dur=417 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=295,atl-edge;dur=273,atl-edge-internal;dur=17,atl-edge-upstream;dur=256,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="65GVAZ5M-WBpYboVMCLB11ztgq_zYRtFNx8-GS5QyzpQSUTzHnWoow==",cdn-downstream-fbl;dur=299 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3096,15 +3212,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 adb4605fb7528573053aec50d6f562c8.cloudfront.net (CloudFront) + - 1.1 f65dcddaf4d3d1ea834dd4e676c13038.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - N7d577kMY-kZmHs3RLsrOTjA8Z3AVOQTKaI7nj8qwtTff7ckQJmL6w== + - 65GVAZ5M-WBpYboVMCLB11ztgq_zYRtFNx8-GS5QyzpQSUTzHnWoow== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P3 X-Arequestid: - - ca98c1754bb20b5e9a7d2acd497c7900 + - 2b1c493d36a7239aa31e5f19ad106153 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3128,17 +3248,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:37.665+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:18.362+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - a6e38104-4223-48f8-a993-485c77f32d35 + - ac1ae67c-82d9-4511-8731-138bd4222dcc Atl-Traceid: - - a6e38104422348f8a993485c77f32d35 + - ac1ae67c82d945118731138bd4222dcc Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3148,7 +3268,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:37 GMT + - Tue, 04 Nov 2025 18:02:18 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3158,7 +3278,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=373,atl-edge;dur=369,atl-edge-internal;dur=15,atl-edge-upstream;dur=354,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="_Jve8zXBfmHLnliGyxhUuMlq3eXo0Xhn0iTEiJ3ej9Q-hZuN4A5XHw==",cdn-downstream-fbl;dur=376 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=218,atl-edge;dur=194,atl-edge-internal;dur=15,atl-edge-upstream;dur=180,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="rc_gvP98kUGw9hxGU9pInLW1FPSAWDWqz-ftLnBKKU-cIA5RCpeicQ==",cdn-downstream-fbl;dur=221 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3168,15 +3288,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 da84bd533f95bc21581ad9f33da5b73a.cloudfront.net (CloudFront) + - 1.1 f6327093dd59f54131617ea3ab04bd94.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - _Jve8zXBfmHLnliGyxhUuMlq3eXo0Xhn0iTEiJ3ej9Q-hZuN4A5XHw== + - rc_gvP98kUGw9hxGU9pInLW1FPSAWDWqz-ftLnBKKU-cIA5RCpeicQ== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P2 X-Arequestid: - - c5c92fc4a0e98ce1cb8ab3dd3fdc0933 + - 418bf4381df42086b99d13c11fe4f9c7 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3200,32 +3324,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:32.402+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:16.604+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* Medium\n *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* Medium\n *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -3235,9 +3359,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3247,12 +3371,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 3e345e28-33ef-41dd-b4ed-715010730bbb + - ec0a253d-040d-4e9c-9c61-4ae4ce26fed0 Atl-Traceid: - - 3e345e2833ef41ddb4ed715010730bbb + - ec0a253d040d4e9c9c614ae4ce26fed0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3262,7 +3386,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:39 GMT + - Tue, 04 Nov 2025 18:02:18 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3272,7 +3396,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=426,atl-edge;dur=424,atl-edge-internal;dur=14,atl-edge-upstream;dur=410,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="PmOe3DbnldohaOsROAx-DQdXjGCtN4Kok_Nvw3-MffoNNz4R7vdNXA==",cdn-downstream-fbl;dur=429 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=303,atl-edge;dur=279,atl-edge-internal;dur=19,atl-edge-upstream;dur=261,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="sVRnGfux1qMBn7xsr9Tp5lQdVbZ0wRttlilvS7nHJC3AVV8H54eMlA==",cdn-downstream-fbl;dur=307 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3282,15 +3406,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0853add243e6eac9b8f74b5c74814a3e.cloudfront.net (CloudFront) + - 1.1 185338419e21d148fae1747402a58e8a.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - PmOe3DbnldohaOsROAx-DQdXjGCtN4Kok_Nvw3-MffoNNz4R7vdNXA== + - sVRnGfux1qMBn7xsr9Tp5lQdVbZ0wRttlilvS7nHJC3AVV8H54eMlA== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P2 X-Arequestid: - - 3b74253a001b091c756dcd5d15c9eb98 + - 570ff8977c1e34b277ab3e617c3ca059 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -3314,7 +3442,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
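Review bot: The re-recorded response headers in the `@@ -3282,15 +3406,19 @@` hunk commit a real Jira account id under `X-Aaccountid`, as do the matching header hunks further down, and the response body in `@@ -3502,32 +3638,32 @@` records the same account's `accountId`, `emailAddress` and `displayName`. The old side held the same kind of values for a different account, so this looks like a gap in how the cassette is scrubbed rather than a one-off; the recorder configuration is not part of this diff, so that is inferred. I would scrub these at record time, for example by adding `X-Aaccountid` to vcrpy's `filter_headers` and replacing the `emailAddress` and `accountId` values with fixed placeholders in a `before_record_response` hook. Stable placeholders would also shrink the diff on each re-record, because those fields would no longer change with whoever records the cassette.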
@@ -3328,9 +3456,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 811d1bf6-d3f5-4256-bc9a-86e31901eaca + - eb57cbb0-3717-464b-9743-c8f0b21332e0 Atl-Traceid: - - 811d1bf6d3f54256bc9a86e31901eaca + - eb57cbb03717464b9743c8f0b21332e0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3340,7 +3468,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:40 GMT + - Tue, 04 Nov 2025 18:02:19 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -3350,7 +3478,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=531,atl-edge;dur=526,atl-edge-internal;dur=15,atl-edge-upstream;dur=511,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="VuAizxz11RSDWEw7z1j4TZFiUjIYKfw5KU6RYAeQHwYnzmwAPUePng==",cdn-downstream-fbl;dur=535 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=429,atl-edge;dur=405,atl-edge-internal;dur=18,atl-edge-upstream;dur=388,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="ktsbO9_jiCfL6nXrqpAjiP0Gz8D_7mC5XD7hZOb5pd1MhIgm9FBKhA==",cdn-downstream-fbl;dur=432 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -3360,18 +3488,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f993a09ee51fef62e3d92f6802c130d4.cloudfront.net (CloudFront) + - 1.1 3349382fe72101eee491170c132b7e3c.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - VuAizxz11RSDWEw7z1j4TZFiUjIYKfw5KU6RYAeQHwYnzmwAPUePng== + - ktsbO9_jiCfL6nXrqpAjiP0Gz8D_7mC5XD7hZOb5pd1MhIgm9FBKhA== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P2 X-Arequestid: - - 03d46ba651a39a03447eddae9e874dc0 + - ac2fdf85b64a9d9775ca926a7b5f4813 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3385,20 +3517,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified and + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -3408,9 +3540,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3430,21 +3562,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3554' + - '3552' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - 561a6c1c-a903-4bea-87ea-1b3168dae999 + - 01c257d5-582f-4338-bdde-5c54168925a8 Atl-Traceid: - - 561a6c1ca9034bea87ea1b3168dae999 + - 01c257d5582f4338bdde5c54168925a8 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3452,7 +3584,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:42 GMT + - Tue, 04 Nov 2025 18:02:20 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -3462,7 +3594,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=659,atl-edge;dur=656,atl-edge-internal;dur=15,atl-edge-upstream;dur=641,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="wcqI2BhGiZDp5UbhjFvIp4ccvUcd5nJbaxwQMDa9Ht3f1rr8PBxCsg==",cdn-downstream-fbl;dur=663 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=654,atl-edge;dur=628,atl-edge-internal;dur=15,atl-edge-upstream;dur=612,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="w4B8vupClB96Siy6jxa9ucvkK3W5UdOsKDg07yVvq_zx83zgAGYEgg==",cdn-downstream-fbl;dur=659 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -3470,15 +3602,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a7a7ee092ee4b4df82064022cbdb7e94.cloudfront.net (CloudFront) + - 1.1 cb4937748c19bcccb40a5a5875f01552.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - wcqI2BhGiZDp5UbhjFvIp4ccvUcd5nJbaxwQMDa9Ht3f1rr8PBxCsg== + - w4B8vupClB96Siy6jxa9ucvkK3W5UdOsKDg07yVvq_zx83zgAGYEgg== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P1 X-Arequestid: - - c05cdd5aa9dd6cd71937593633bf314f + - fa67414b72a74c12a7c4312cc58d4056 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3502,32 +3638,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:41.751+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:19.903+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/246]\n*Defect Dojo link:* http://localhost:8080/finding/246 - (246)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + 0.6.0)|http://localhost:8080/finding/234]\n*Defect Dojo link:* http://localhost:8080/finding/234 + (234)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -3537,9 +3673,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3549,12 +3685,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 520b0b01-3d1d-4e76-bac9-a4341333bfdf + - 4eb3c00f-29db-4e73-b451-0c56228484d2 Atl-Traceid: - - 520b0b013d1d4e76bac9a4341333bfdf + - 4eb3c00f29db4e73b4510c56228484d2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3564,7 +3700,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:43 GMT + - Tue, 04 Nov 2025 18:02:20 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3574,7 +3710,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=417,atl-edge;dur=414,atl-edge-internal;dur=16,atl-edge-upstream;dur=399,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="hfme_rP70CvAFwiYqT120Zpm9lXaBTXBrMK-_M0qTVIeflYXH16XsA==",cdn-downstream-fbl;dur=420 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=262,atl-edge;dur=240,atl-edge-internal;dur=16,atl-edge-upstream;dur=222,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="lQgy1v4B9EumMwE8ljoo2-gymI-Ok4Jj2T81cBl4QjfvH3JqJ-SxOg==",cdn-downstream-fbl;dur=266 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3584,15 +3720,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b39f0409e845bde1b97cd11f1d544d4e.cloudfront.net (CloudFront) + - 1.1 6767782218a3548f894151ef053fe67e.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - hfme_rP70CvAFwiYqT120Zpm9lXaBTXBrMK-_M0qTVIeflYXH16XsA== + - lQgy1v4B9EumMwE8ljoo2-gymI-Ok4Jj2T81cBl4QjfvH3JqJ-SxOg== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P3 X-Arequestid: - - 1fcc61942702b781825f188c2110ac38 + - 33707d82c635970cc166e449d3358406 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
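Review bot: The re-recorded response headers in the `@@ -3584,15 +3720,19 @@` hunk commit a real Atlassian account identifier under `X-Aaccountid`. The issue-body hunks that follow (`@@ -3688,32 +3832,32 @@` and the later repeat of the same response) also store the recording user's `accountId`, `emailAddress`, display name and Gravatar hash in the `creator` and `reporter` objects. Replay does not look like it depends on these values, so they would be better scrubbed at record time than checked in, for example `X-Aaccountid: - REDACTED` and `"emailAddress":"user@example.invalid"` (constructed placeholders). If the cassette is recorded with vcrpy, a `before_record_response` hook is the usual place for this, because `filter_headers` only covers request headers. The recording configuration is not visible in this patch, so confirm where it lives.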
@@ -3616,17 +3756,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:44.435+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:20.777+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 1579fb0e-c930-4186-9a20-2fcfa46992b4 + - 74e18565-d099-4ad6-9d6b-d28d96bf8459 Atl-Traceid: - - 1579fb0ec93041869a202fcfa46992b4 + - 74e18565d0994ad69d6bd28d96bf8459 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3636,7 +3776,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:44 GMT + - Tue, 04 Nov 2025 18:02:20 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3646,7 +3786,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=325,atl-edge;dur=322,atl-edge-internal;dur=15,atl-edge-upstream;dur=308,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="G_x4owpeotz2XEZHgWs5Uuxqfo8-L7sWLOj77GX-fULEyslo5j9mUw==",cdn-downstream-fbl;dur=328 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=192,atl-edge;dur=169,atl-edge-internal;dur=16,atl-edge-upstream;dur=153,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="0TaBKfnLKtbgnXw2Qdtr1eDydCIKD399_fj8MNHlgv68MVYnsxmo2g==",cdn-downstream-fbl;dur=196 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3656,15 +3796,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 903696f43fdfc4019d7102b6711e9fca.cloudfront.net (CloudFront) + - 1.1 78848e87583c98ba04111361257adc96.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - G_x4owpeotz2XEZHgWs5Uuxqfo8-L7sWLOj77GX-fULEyslo5j9mUw== + - 0TaBKfnLKtbgnXw2Qdtr1eDydCIKD399_fj8MNHlgv68MVYnsxmo2g== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P3 X-Arequestid: - - 2160cf15d66b64c33bee611478065b84 + - 1c2d36b4f8924bdf469af152b9f32e38 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3688,32 +3832,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:41.751+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:19.903+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/246]\n*Defect Dojo link:* http://localhost:8080/finding/246 - (246)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + 0.6.0)|http://localhost:8080/finding/234]\n*Defect Dojo link:* http://localhost:8080/finding/234 + (234)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -3723,9 +3867,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3735,12 +3879,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 43c93ab6-0229-4c54-883d-3741b96423ea + - cc51c816-6c4d-4b18-8e3f-fd5570bb454c Atl-Traceid: - - 43c93ab602294c54883d3741b96423ea + - cc51c8166c4d4b188e3ffd5570bb454c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3750,7 +3894,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:45 GMT + - Tue, 04 Nov 2025 18:02:21 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3760,7 +3904,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=441,atl-edge;dur=439,atl-edge-internal;dur=13,atl-edge-upstream;dur=426,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="dpW_DMJy5zXyyt4NPw43_JNpI4HmIDQcboNeydV0l2omkjYF5DTswA==",cdn-downstream-fbl;dur=444 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=357,atl-edge;dur=265,atl-edge-internal;dur=22,atl-edge-upstream;dur=242,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="OT0tZjbdTj4Q0GhynMs_mtY29Pdgw1jVqZR7IEcz5I6qRaxLbhrV4w==",cdn-downstream-fbl;dur=362 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3770,15 +3914,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 48e2dac80dc53d66fef4721e63ea9f44.cloudfront.net (CloudFront) + - 1.1 fb583d18c6b0f24d4447146b294e4f68.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - dpW_DMJy5zXyyt4NPw43_JNpI4HmIDQcboNeydV0l2omkjYF5DTswA== + - OT0tZjbdTj4Q0GhynMs_mtY29Pdgw1jVqZR7IEcz5I6qRaxLbhrV4w== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P3 X-Arequestid: - - 10ba2168dedfdeb03a7f9aa0529f2b75 + - 5d83d2afbfce3bf3e5ae58b331faba05 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3802,17 +3950,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:46.924+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:21.464+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 21ffd869-6014-462c-b248-bd94e7c28edc + - 687b50ac-ec0e-44a3-9d58-fd99f66384fd Atl-Traceid: - - 21ffd8696014462cb248bd94e7c28edc + - 687b50acec0e44a39d58fd99f66384fd Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3822,7 +3970,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:47 GMT + - Tue, 04 Nov 2025 18:02:21 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3832,7 +3980,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=327,atl-edge;dur=322,atl-edge-internal;dur=13,atl-edge-upstream;dur=309,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="6VsfvgKWJhpxN4at5Turp7GDClyhwoRyEA__EpiMR-EXzYk60q8Iwg==",cdn-downstream-fbl;dur=330 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=197,atl-edge;dur=174,atl-edge-internal;dur=18,atl-edge-upstream;dur=156,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="ZQN2BfOEdAKhFoAt9OZ0N58efP6aofU9tNgPeSZvtwL-shLpVjX9HA==",cdn-downstream-fbl;dur=202 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3842,15 +3990,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 352b1001018ea123117ef28ad154f522.cloudfront.net (CloudFront) + - 1.1 2049902380178fd7b885115d80ccf966.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 6VsfvgKWJhpxN4at5Turp7GDClyhwoRyEA__EpiMR-EXzYk60q8Iwg== + - ZQN2BfOEdAKhFoAt9OZ0N58efP6aofU9tNgPeSZvtwL-shLpVjX9HA== X-Amz-Cf-Pop: - - SYD3-P2 + - DEN52-P3 X-Arequestid: - - f418272caccb8d2147c4d558674e736f + - 229239e5000d8dd0c8e8ba625cfd4704 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3874,32 +4026,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:41.751+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:19.903+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/246]\n*Defect Dojo link:* http://localhost:8080/finding/246 - (246)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + 0.6.0)|http://localhost:8080/finding/234]\n*Defect Dojo link:* http://localhost:8080/finding/234 + (234)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -3909,9 +4061,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3921,12 +4073,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 6722837c-e5b0-4f12-9444-5843ba718b6e + - 5faf540f-0924-41b3-ac00-52853f96beaf Atl-Traceid: - - 6722837ce5b04f1294445843ba718b6e + - 5faf540f092441b3ac0052853f96beaf Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3936,7 +4088,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:48 GMT + - Tue, 04 Nov 2025 18:02:21 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3946,7 +4098,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=413,atl-edge;dur=410,atl-edge-internal;dur=16,atl-edge-upstream;dur=394,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="ATzhvy2a-PIuET60o8koOVbNx986h8hTsk_fa4rrdZvH6l3XjslNyQ==",cdn-downstream-fbl;dur=416 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=266,atl-edge;dur=243,atl-edge-internal;dur=16,atl-edge-upstream;dur=225,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="rswtz3OxLDcQEuIK6ZW0R1GZW5YtX4c1Pl9HXjOlw_I9UYPPTcc9cg==",cdn-downstream-fbl;dur=269 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3956,15 +4108,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f5bc0d54a76b57b6f435f98d3e741ea4.cloudfront.net (CloudFront) + - 1.1 a0b647da77edd97cca88fb4c4b1a9d08.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - ATzhvy2a-PIuET60o8koOVbNx986h8hTsk_fa4rrdZvH6l3XjslNyQ== + - rswtz3OxLDcQEuIK6ZW0R1GZW5YtX4c1Pl9HXjOlw_I9UYPPTcc9cg== X-Amz-Cf-Pop: - - SYD3-P2 + - DEN52-P3 X-Arequestid: - - 31ba58eebd3eacf9ffc61b64f7de43df + - ee93271a45c760e65898abf3bb73720a + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
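Review bot: The re-recorded response headers in the `@@ -3956,15 +4108,19 @@` hunk commit the recording user's Atlassian account id under `X-Aaccountid`, and the response body in the later `@@ -4060,32 +4220,32 @@` hunk also carries that user's `emailAddress`, `accountId` and `displayName` in the `creator` and `reporter` objects. The same header recurs in the `@@ -4028,15 +4184,19 @@`, `@@ -4142,15 +4302,19 @@` and `@@ -4214,15 +4378,19 @@` hunks. The tests presumably do not depend on these values, so they could be scrubbed when the cassette is written instead of being published with every re-record. The cassette layout looks like vcrpy's; if so, a `before_record_response` hook in the test setup (outside this diff) could drop `X-Aaccountid` and replace the `emailAddress` and `accountId` values with fixed placeholders. That would probably also reduce the diff churn when a different maintainer re-records.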
@@ -3988,17 +4144,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:49.396+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:22.089+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - a6890f7e-ebd3-472c-b471-7a08447f6050 + - 2822b0a1-2381-4898-adfc-01f5c6446f77 Atl-Traceid: - - a6890f7eebd3472cb4717a08447f6050 + - 2822b0a123814898adfc01f5c6446f77 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4008,7 +4164,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:49 GMT + - Tue, 04 Nov 2025 18:02:22 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4018,7 +4174,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=319,atl-edge;dur=317,atl-edge-internal;dur=13,atl-edge-upstream;dur=304,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="tUeMqBFrnEb9pxvhpu_jLQVQCmhEf2omz7sdgnMT2BLkM0RoYD1Tlw==",cdn-downstream-fbl;dur=322 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=198,atl-edge;dur=173,atl-edge-internal;dur=15,atl-edge-upstream;dur=158,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="880lPGrOwzakRp5eLoiSlW4K6O4oM-JN4AyoHA53PKQ-8dHee9TXDA==",cdn-downstream-fbl;dur=203 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4028,15 +4184,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 903696f43fdfc4019d7102b6711e9fca.cloudfront.net (CloudFront) + - 1.1 89771419757f75b08f6c8fd411f8ef54.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - tUeMqBFrnEb9pxvhpu_jLQVQCmhEf2omz7sdgnMT2BLkM0RoYD1Tlw== + - 880lPGrOwzakRp5eLoiSlW4K6O4oM-JN4AyoHA53PKQ-8dHee9TXDA== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P1 X-Arequestid: - - 3b4835ee692f5695f1710e5d47374cea + - 40bd4fa845184618839ea8aa67c1ae16 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '347' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4060,32 +4220,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:41.751+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:19.903+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/246]\n*Defect Dojo link:* http://localhost:8080/finding/246 - (246)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + 0.6.0)|http://localhost:8080/finding/234]\n*Defect Dojo link:* http://localhost:8080/finding/234 + (234)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -4095,9 +4255,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -4107,12 +4267,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 67c1370a-bc1a-4f55-9e71-b1b4b738051b + - 63abcc9a-dffc-4ece-a76c-e2f9d667fd10 Atl-Traceid: - - 67c1370abc1a4f559e71b1b4b738051b + - 63abcc9adffc4ecea76ce2f9d667fd10 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4122,7 +4282,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:50 GMT + - Tue, 04 Nov 2025 18:02:22 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4132,7 +4292,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=434,atl-edge;dur=432,atl-edge-internal;dur=14,atl-edge-upstream;dur=419,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="ba8SHxFLLGg68-f76vSEtFAO7fQXb1Ov-0j6uDQVYtvLY0GugrpJpg==",cdn-downstream-fbl;dur=437 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=353,atl-edge;dur=330,atl-edge-internal;dur=17,atl-edge-upstream;dur=313,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="1pMJWHmN_3EOqCq9a4w_biaZxFl52ZvHu6VAv68O4h2BnwgMs5P2KQ==",cdn-downstream-fbl;dur=357 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4142,15 +4302,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e6e7ea42488c65b080113b45f9cdebb4.cloudfront.net (CloudFront) + - 1.1 94d9d221defc9832eeda31acd3f6f552.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - ba8SHxFLLGg68-f76vSEtFAO7fQXb1Ov-0j6uDQVYtvLY0GugrpJpg== + - 1pMJWHmN_3EOqCq9a4w_biaZxFl52ZvHu6VAv68O4h2BnwgMs5P2KQ== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P1 X-Arequestid: - - 400c59e18b45e8e3fa0002b2094c21c3 + - cfccbfc79ed740076668c127d4688744 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '396' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4174,17 +4338,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:51.948+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:22.814+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - c3602a7e-0a1b-4be5-b2c2-69c3d6a43cb5 + - eca1e81f-0a94-4a03-b9bd-4a93f6a84b6d Atl-Traceid: - - c3602a7e0a1b4be5b2c269c3d6a43cb5 + - eca1e81f0a944a03b9bd4a93f6a84b6d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4194,7 +4358,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:52 GMT + - Tue, 04 Nov 2025 18:02:22 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4204,7 +4368,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=319,atl-edge;dur=317,atl-edge-internal;dur=14,atl-edge-upstream;dur=304,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="1leZgygHib8gl1z5CDyOOHJ9-3vsXNMVV2fHg41qWYi7kg377pzVSw==",cdn-downstream-fbl;dur=322 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=193,atl-edge;dur=170,atl-edge-internal;dur=15,atl-edge-upstream;dur=155,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="jXY1uKBLKaT59_SDOMTLB73M4F2RM4inplIprXEu-_qK2TVwIN-VoA==",cdn-downstream-fbl;dur=197 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4214,15 +4378,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e3f64b5e1795622ac1fd367fad798c10.cloudfront.net (CloudFront) + - 1.1 d18c8670421cff5c9fa297b260cb2814.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 1leZgygHib8gl1z5CDyOOHJ9-3vsXNMVV2fHg41qWYi7kg377pzVSw== + - jXY1uKBLKaT59_SDOMTLB73M4F2RM4inplIprXEu-_qK2TVwIN-VoA== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P2 X-Arequestid: - - 6dfbd41566df0c1f41a7ac92e2e042e5 + - 5f9fc9cf6d353db1070c2ce65d6ee085 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '346' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4246,32 +4414,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:41.751+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:19.903+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/246]\n*Defect Dojo link:* http://localhost:8080/finding/246 - (246)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + 0.6.0)|http://localhost:8080/finding/234]\n*Defect Dojo link:* http://localhost:8080/finding/234 + (234)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -4281,9 +4449,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -4293,12 +4461,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 41b67b2c-b626-40ba-bac9-fc39a923c7d3 + - e29016e5-2b61-4ad7-a841-5c6f1ffa5b88 Atl-Traceid: - - 41b67b2cb62640babac9fc39a923c7d3 + - e29016e52b614ad7a8415c6f1ffa5b88 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4308,7 +4476,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:53 GMT + - Tue, 04 Nov 2025 18:02:23 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4318,7 +4486,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=425,atl-edge;dur=421,atl-edge-internal;dur=17,atl-edge-upstream;dur=405,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="mE9B1enCL4xDj7R0IVSyX8q5udCQXBNF6LcKss-beW4OL4H27GsliA==",cdn-downstream-fbl;dur=429 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=312,atl-edge;dur=289,atl-edge-internal;dur=16,atl-edge-upstream;dur=273,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="IpfW2dTSUI44CfpFjY1wyc7RmTVxoEJqC6LoedNzO-mwplIp053yaQ==",cdn-downstream-fbl;dur=315 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4328,15 +4496,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f10eedb52fc0d82204e85d20112deafa.cloudfront.net (CloudFront) + - 1.1 51185e40453f61916e037fc6db50766c.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - mE9B1enCL4xDj7R0IVSyX8q5udCQXBNF6LcKss-beW4OL4H27GsliA== + - IpfW2dTSUI44CfpFjY1wyc7RmTVxoEJqC6LoedNzO-mwplIp053yaQ== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P3 X-Arequestid: - - 90e17906990c9815bb48ab4bc10d85d1 + - d81f8e468ee18767472c4e7e01b201f8 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '395' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -4360,7 +4532,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -4374,9 +4546,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - d83ee3b5-0e28-4302-bf88-5613d4394d37 + - 5f1f2d03-c16d-4955-a9f5-4c05b2bc082c Atl-Traceid: - - d83ee3b50e284302bf885613d4394d37 + - 5f1f2d03c16d4955a9f54c05b2bc082c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4386,7 +4558,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:54 GMT + - Tue, 04 Nov 2025 18:02:23 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -4396,7 +4568,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=479,atl-edge;dur=477,atl-edge-internal;dur=13,atl-edge-upstream;dur=464,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="0zxbWx8U8wpUOxVPbZrapT0HeMgiYdixZLbFdFbbNw99yS9k0gFVBA==",cdn-downstream-fbl;dur=483 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=358,atl-edge;dur=335,atl-edge-internal;dur=22,atl-edge-upstream;dur=313,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="sM8fwxHxq_B2PqZMcjrcgbC-5sLYKRyH70Ul5GaznVzvbdt2dz9IcQ==",cdn-downstream-fbl;dur=361 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -4406,18 +4578,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3d26345933183b6a437e0f8ba3c37df8.cloudfront.net (CloudFront) + - 1.1 20c46424adb033d4de178e11a807b304.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 0zxbWx8U8wpUOxVPbZrapT0HeMgiYdixZLbFdFbbNw99yS9k0gFVBA== + - sM8fwxHxq_B2PqZMcjrcgbC-5sLYKRyH70Ul5GaznVzvbdt2dz9IcQ== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P3 X-Arequestid: - - 04a7e67904697814c3760461514ade57 + - 804a816c21eaf24300509ecb38dd5507 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4431,20 +4607,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified and + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -4454,9 +4630,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -4476,21 +4652,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3569' + - '3567' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - ecfcbc75-5a1b-410e-a23a-18d82872f5d2 + - 5e4a76c4-2c55-4756-87d4-5a8ec9255775 Atl-Traceid: - - ecfcbc755a1b410ea23a18d82872f5d2 + - 5e4a76c42c55475687d45a8ec9255775 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4498,7 +4674,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:56 GMT + - Tue, 04 Nov 2025 18:02:24 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -4508,7 +4684,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=732,atl-edge;dur=730,atl-edge-internal;dur=16,atl-edge-upstream;dur=714,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="6eZjj8HHRI2CyzlN7EW3aehpZQ8tzNLRyr4Qi7SjFqGSlVGNRC7o3A==",cdn-downstream-fbl;dur=737 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=686,atl-edge;dur=596,atl-edge-internal;dur=16,atl-edge-upstream;dur=578,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="s55Hg-FMAK2BF6raSImonxHF7Q-u10K4gbf3AIrmmqLoiP57cVpeBw==",cdn-downstream-fbl;dur=691 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -4516,15 +4692,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0cd8fe15d9bdb168de9cd5f22954d220.cloudfront.net (CloudFront) + - 1.1 c3ec3fa9c5962899febb10c3fdc31872.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 6eZjj8HHRI2CyzlN7EW3aehpZQ8tzNLRyr4Qi7SjFqGSlVGNRC7o3A== + - s55Hg-FMAK2BF6raSImonxHF7Q-u10K4gbf3AIrmmqLoiP57cVpeBw== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P2 X-Arequestid: - - 533fd9f775e98c2345237cd9426193ea + - 5bebbc7c18cad54fcbfa61b0fdbd2e6c + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4548,32 +4728,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:56.046+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:24.236+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -4583,9 +4763,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
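Review bot: The re-recorded issue body in the hunk at `@@ -4548,32 +4728,32 @@` commits the recording user's `emailAddress`, `accountId`, `displayName` and Gravatar avatar hash (derived from the email address) under both `creator` and `reporter`, and the response headers in the neighbouring hunks keep the same account id in `X-Aaccountid`. The previous recording had the same fields, so each re-record just swaps one maintainer's identifiers for another's in a public fixture. Nothing visible here suggests the test depends on those values, so they are better scrubbed at record time; if the cassettes are produced with vcrpy, a `before_record_response` hook can rewrite them to fixed placeholders such as `"emailAddress":"redacted@example.invalid"` and drop `X-Aaccountid`. The same body is recorded again in the hunk at `@@ -4734,32 +4922,32 @@`, and the interaction entry itself begins above the hunk. Normalising volatile headers (`Date`, `Atl-Request-Id`, `Server-Timing`) in the same hook would also keep future re-records from burying a real change in noise.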
@@ -4595,12 +4775,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 8400f199-65b4-414f-baf7-5592054c1f69 + - e8dfb429-82a2-4913-9676-ef1e7db01c69 Atl-Traceid: - - 8400f19965b4414fbaf75592054c1f69 + - e8dfb42982a249139676ef1e7db01c69 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4610,7 +4790,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:57 GMT + - Tue, 04 Nov 2025 18:02:24 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4620,7 +4800,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=432,atl-edge;dur=430,atl-edge-internal;dur=18,atl-edge-upstream;dur=412,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="_XrlV-yHHkh4t90-abrrrC91x0ByE5UYpCCNLNxWjgQpS9F1S8-0fw==",cdn-downstream-fbl;dur=436 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=270,atl-edge;dur=248,atl-edge-internal;dur=16,atl-edge-upstream;dur=232,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="VeqylHLio8CVvKGruHDMtmZCr3l4kgov2bpTNSYfujEf59PJohGSsw==",cdn-downstream-fbl;dur=274 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4630,15 +4810,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9d6e86f5b232838ca6f2f480892525b2.cloudfront.net (CloudFront) + - 1.1 91ce9b89afcd32f5bca16bfe69ee21c2.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - _XrlV-yHHkh4t90-abrrrC91x0ByE5UYpCCNLNxWjgQpS9F1S8-0fw== + - VeqylHLio8CVvKGruHDMtmZCr3l4kgov2bpTNSYfujEf59PJohGSsw== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P1 X-Arequestid: - - d7afb007393d480cd76e8a7abe2f52e6 + - 76316377dd541fb74e21401d0a8d2bd3 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4662,17 +4846,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:58.831+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:25.203+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - edbdf0e2-3afa-4a0e-8ea0-dc5e12540981 + - 1f4b4c5f-4bcb-4864-a104-5aa50bd85c8c Atl-Traceid: - - edbdf0e23afa4a0e8ea0dc5e12540981 + - 1f4b4c5f4bcb4864a1045aa50bd85c8c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4682,7 +4866,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:58 GMT + - Tue, 04 Nov 2025 18:02:25 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4692,7 +4876,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=335,atl-edge;dur=332,atl-edge-internal;dur=14,atl-edge-upstream;dur=319,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="R7I2-fTcaCkqcqWE3EQ-vg-SHcF1ZsnBxxwm72QbrNkfPRDS6yX0mw==",cdn-downstream-fbl;dur=339 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=273,atl-edge;dur=183,atl-edge-internal;dur=24,atl-edge-upstream;dur=159,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="fQ4bGgNUnmCBFvheKbWLDsUu5bAKJXPxyMzSK10OAVYU3vjbriNIQg==",cdn-downstream-fbl;dur=277 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4702,15 +4886,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 bc177ce25ddc555a7d303bc4d290a6ec.cloudfront.net (CloudFront) + - 1.1 16d72e0791ff01fc4470d27fc024527a.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - R7I2-fTcaCkqcqWE3EQ-vg-SHcF1ZsnBxxwm72QbrNkfPRDS6yX0mw== + - fQ4bGgNUnmCBFvheKbWLDsUu5bAKJXPxyMzSK10OAVYU3vjbriNIQg== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P2 X-Arequestid: - - f7c14dd99f240affc87e565dd2c73000 + - 02d48cf190374fc86b16af4accf371d7 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4734,32 +4922,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:56.046+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:24.236+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -4769,9 +4957,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -4781,12 +4969,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 7ba6e8f0-3034-4de2-a3fc-4b9be3127dd7 + - 701ffec8-07e8-4cc8-beaa-e7589f2d4d84 Atl-Traceid: - - 7ba6e8f030344de2a3fc4b9be3127dd7 + - 701ffec807e84cc8beaae7589f2d4d84 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4796,7 +4984,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:00 GMT + - Tue, 04 Nov 2025 18:02:26 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4806,7 +4994,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=426,atl-edge;dur=424,atl-edge-internal;dur=15,atl-edge-upstream;dur=409,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="3ptf39W8aQ8CanFBzy2Lu86HgdWEOyIXufUrQ6v0rkaARx_8x9ibYw==",cdn-downstream-fbl;dur=430 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=756,atl-edge;dur=668,atl-edge-internal;dur=23,atl-edge-upstream;dur=645,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="mIK4SyiIdDVu6RGtG5tCHeQAmcJu0xKZFMg_GJeDO6EtdP5G5CHN4g==",cdn-downstream-fbl;dur=761 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4816,15 +5004,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0c5c9092233f69156c68308fd823bd58.cloudfront.net (CloudFront) + - 1.1 cb4937748c19bcccb40a5a5875f01552.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 3ptf39W8aQ8CanFBzy2Lu86HgdWEOyIXufUrQ6v0rkaARx_8x9ibYw== + - mIK4SyiIdDVu6RGtG5tCHeQAmcJu0xKZFMg_GJeDO6EtdP5G5CHN4g== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P1 X-Arequestid: - - 4753419605d52bfc27fc8ada048a982b + - 46b14ce616c15f26c99f15f0242f139c + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -4848,7 +5040,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -4862,9 +5054,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 97ab9ab6-d19e-4ac7-b453-146d97f06c52 + - 91123068-c739-49f8-9735-4d8165d59ba2 Atl-Traceid: - - 97ab9ab6d19e4ac7b453146d97f06c52 + - 91123068c73949f897354d8165d59ba2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4874,7 +5066,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:01 GMT + - Tue, 04 Nov 2025 18:02:26 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -4884,7 +5076,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=470,atl-edge;dur=468,atl-edge-internal;dur=15,atl-edge-upstream;dur=453,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="_Vp4IkTlUNjXH0oEbgyJNr1O1cneAfJRNFyFLEDZKHTOrvemZEiWzw==",cdn-downstream-fbl;dur=473 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=485,atl-edge;dur=396,atl-edge-internal;dur=20,atl-edge-upstream;dur=372,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="AqvsB_y8_rvzry1Pzab-nQYaNJe4pKSotehyV8aHE6qs8lQ9BvMbFw==",cdn-downstream-fbl;dur=488 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -4894,18 +5086,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f1646a7b70ef690faac638f9c1dd2364.cloudfront.net (CloudFront) + - 1.1 64544648f8289d0bd61ef02997afb698.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - _Vp4IkTlUNjXH0oEbgyJNr1O1cneAfJRNFyFLEDZKHTOrvemZEiWzw== + - AqvsB_y8_rvzry1Pzab-nQYaNJe4pKSotehyV8aHE6qs8lQ9BvMbFw== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P3 X-Arequestid: - - f6b39322e36636c1db22f112e9b7eb5f + - 73c1cc123a70221112e623f422cf6a61 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4919,20 +5115,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* High *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -4942,9 +5138,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -4964,21 +5160,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3573' + - '3572' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - c89b407d-62f7-44e5-9f97-cd514707b0a9 + - 6c0835c8-c46a-47af-b2d1-529803d3187e Atl-Traceid: - - c89b407d62f744e59f97cd514707b0a9 + - 6c0835c8c46a47afb2d1529803d3187e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4986,7 +5182,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:03 GMT + - Tue, 04 Nov 2025 18:02:27 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -4996,7 +5192,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="bP-G37a89SS3vjOU-NS0RT7kzB5Jh3FQ1PgcMmUfcPSQHKFgNHB5cw==",cdn-downstream-fbl;dur=748,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=3,cdn-upstream-fbl;dur=745,atl-edge;dur=739,atl-edge-internal;dur=15,atl-edge-upstream;dur=724,atl-edge-pop;desc="aws-ap-southeast-2" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=655,atl-edge;dur=631,atl-edge-internal;dur=15,atl-edge-upstream;dur=616,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="M8BsbPNg6JPvGWu1PlT0Pyv6lVgFrE9URhwnN215kPDxeDUhmL4KDA==",cdn-downstream-fbl;dur=659 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -5004,15 +5200,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 d3f1182213e75f053a9e7404f079d540.cloudfront.net (CloudFront) + - 1.1 db94b8e3e5f45aab1e90db086a8debc0.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - bP-G37a89SS3vjOU-NS0RT7kzB5Jh3FQ1PgcMmUfcPSQHKFgNHB5cw== + - M8BsbPNg6JPvGWu1PlT0Pyv6lVgFrE9URhwnN215kPDxeDUhmL4KDA== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P3 X-Arequestid: - - 3a4456a163ee6352652f931468a4b203 + - f90b26e068979b5ae9420c34a55ad1d0 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5036,32 +5236,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:02.884+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:27.082+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* High *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -5071,9 +5271,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
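Review bot: The re-recorded `GET /rest/api/2/issue/23615` response body in this hunk commits a real person's `emailAddress`, Atlassian `accountId` and Gravatar hash inside the `creator` and `reporter` objects. The neighbouring header hunks also record the same account id in `X-Aaccountid`. Replay presumably does not depend on these values, so they are better replaced with fixed placeholders at record time than stored in the repository. If the cassettes are recorded with vcrpy, a `before_record_response` hook can rewrite `emailAddress`, `accountId` and `avatarUrls` in the JSON body and drop `X-Aaccountid` from the response headers. The other recorded issue responses in this file carry the same fields and would need the same treatment.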
@@ -5083,12 +5283,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 81400ede-dfb8-4fff-bf59-8375f44b68f1 + - 4eae537c-d355-44a8-8f77-be67905c5cf4 Atl-Traceid: - - 81400ededfb84fffbf598375f44b68f1 + - 4eae537cd35544a88f77be67905c5cf4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5098,7 +5298,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:04 GMT + - Tue, 04 Nov 2025 18:02:27 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5108,7 +5308,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=418,atl-edge;dur=415,atl-edge-internal;dur=16,atl-edge-upstream;dur=400,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="7vGXiscnEnA9waYEk87A_4bEN7CAGHgDHCurc6g7SeM_ivZYLEGnjQ==",cdn-downstream-fbl;dur=421 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=340,atl-edge;dur=317,atl-edge-internal;dur=16,atl-edge-upstream;dur=301,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="NPfl8EGZ9a4ePeNO1bYPwYn4tU5OA3NXHpVl7w9WDJvJaHGH_OnJKQ==",cdn-downstream-fbl;dur=344 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5118,15 +5318,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8ccca629f0b1ca48e2e69a056f61f9a6.cloudfront.net (CloudFront) + - 1.1 f0a2a95cb4d25b2414a9c1a7a754943e.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 7vGXiscnEnA9waYEk87A_4bEN7CAGHgDHCurc6g7SeM_ivZYLEGnjQ== + - NPfl8EGZ9a4ePeNO1bYPwYn4tU5OA3NXHpVl7w9WDJvJaHGH_OnJKQ== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P2 X-Arequestid: - - a33acb96444771ae4835f221cb178a85 + - 4b013436975334dac71b5a4a95663298 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5152,17 +5356,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/transitions + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/transitions response: body: string: '' headers: Atl-Request-Id: - - bf37831a-8101-4755-8586-7a191ff86cf9 + - e318c0b2-404d-418a-ad27-51c03002fc80 Atl-Traceid: - - bf37831a8101475585867a191ff86cf9 + - e318c0b2404d418aad2751c03002fc80 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5170,7 +5374,7 @@ interactions: Content-Type: - text/html;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:06 GMT + - Tue, 04 Nov 2025 18:02:28 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -5180,7 +5384,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=632,atl-edge;dur=630,atl-edge-internal;dur=15,atl-edge-upstream;dur=614,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="0r0FbsOpbohvxvYT9LOyS-t5EaeynQyAKYw5Pef7IukRNR85RiMKdA==",cdn-downstream-fbl;dur=637 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=699,atl-edge;dur=675,atl-edge-internal;dur=18,atl-edge-upstream;dur=658,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="IR71YWtovfyr_it1N_h3rU9HL4Zc7X63-R6GTE6z5da29SvZGcvxNw==",cdn-downstream-fbl;dur=702 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -5188,15 +5392,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 59304f445e251c540e46633ed3dd4f64.cloudfront.net (CloudFront) + - 1.1 b5a2e617d7392a245dec0250ae9c6002.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 0r0FbsOpbohvxvYT9LOyS-t5EaeynQyAKYw5Pef7IukRNR85RiMKdA== + - IR71YWtovfyr_it1N_h3rU9HL4Zc7X63-R6GTE6z5da29SvZGcvxNw== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P3 X-Arequestid: - - d27ea474430cd26e2752a742e9053729 + - c29c3ac0da5eb8b4309793ef9f63c36f + X-Beta-Ratelimit-Limit: + - '200' + X-Beta-Ratelimit-Remaining: + - '199' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5220,17 +5428,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:07.184+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:28.855+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 30cd79c4-8c53-4bd8-a25a-4758b1592ab6 + - 76b4e1d5-a31b-464c-94ae-60353561bde4 Atl-Traceid: - - 30cd79c48c534bd8a25a4758b1592ab6 + - 76b4e1d5a31b464c94ae60353561bde4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5240,7 +5448,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:07 GMT + - Tue, 04 Nov 2025 18:02:28 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5250,7 +5458,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=326,atl-edge;dur=325,atl-edge-internal;dur=14,atl-edge-upstream;dur=311,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="ieqvJFIAds223mz3kxdijPb-wv2KRDH2F3ivEWFXa5IvOq9_rxEx6w==",cdn-downstream-fbl;dur=330 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=266,atl-edge;dur=176,atl-edge-internal;dur=23,atl-edge-upstream;dur=153,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="0cHjzpUYaf1RmN2UfXsV1qVWcpC3AqAQKLWo1i4UwGXp8DzStFIOaA==",cdn-downstream-fbl;dur=269 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5260,15 +5468,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3437ef72cec711eb0ebed9222a22cf66.cloudfront.net (CloudFront) + - 1.1 99f4e9fd554682341f34ffd484d44998.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - ieqvJFIAds223mz3kxdijPb-wv2KRDH2F3ivEWFXa5IvOq9_rxEx6w== + - 0cHjzpUYaf1RmN2UfXsV1qVWcpC3AqAQKLWo1i4UwGXp8DzStFIOaA== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P1 X-Arequestid: - - cb0ac526daf0af7c5259caa3be993c0e + - 69984953ed411b7b0aa2ea595befc83f + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5292,31 +5504,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:05.748+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:28.160+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* High *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -5326,9 +5538,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
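Review bot: The re-recorded response body in this hunk stores the recording account's `emailAddress`, `accountId`, `displayName` and gravatar hash under `creator` and `reporter`, and the neighbouring header hunks keep `X-Aaccountid`, so each re-record commits a maintainer's Jira identity to the repository. The removed lines show the same fields for the previous recorder, so this practice predates the commit, but it is worth scrubbing at record time. If these cassettes are produced by vcrpy (the `interactions:` layout suggests so), a `before_record_response` hook could replace those JSON fields with fixed placeholders and drop the `X-Aaccountid` header. The same body recurs in the other `GET .../issue/23615` interactions, so one hook would cover them all. The interaction entry starts above this hunk, so whether the request side records an `Authorization` header that needs `filter_headers` cannot be checked from here.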
@@ -5338,12 +5550,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - e2325969-ac02-47b1-bd45-4198f3584c22 + - 85062ccd-d61a-4d7a-8136-14e7e49c427c Atl-Traceid: - - e2325969ac0247b1bd454198f3584c22 + - 85062ccdd61a4d7a813614e7e49c427c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5353,7 +5565,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:08 GMT + - Tue, 04 Nov 2025 18:02:29 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5363,7 +5575,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=437,atl-edge;dur=434,atl-edge-internal;dur=16,atl-edge-upstream;dur=419,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="WWJvCeTLXDWUpENBi8zaLSq0DDqktQ5yiqcuh1r4z_yoFLPa7uVLpA==",cdn-downstream-fbl;dur=441 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=430,atl-edge;dur=339,atl-edge-internal;dur=20,atl-edge-upstream;dur=317,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="P_u679crHqEzpRwu3Z6uz8bDrSJgqFr9HjFTKAHrYfeIP9wFw74aIA==",cdn-downstream-fbl;dur=433 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5373,15 +5585,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 00f0469d54a973389150a36c64065326.cloudfront.net (CloudFront) + - 1.1 f0ef5666a43050928ff9758d51713e72.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - WWJvCeTLXDWUpENBi8zaLSq0DDqktQ5yiqcuh1r4z_yoFLPa7uVLpA== + - P_u679crHqEzpRwu3Z6uz8bDrSJgqFr9HjFTKAHrYfeIP9wFw74aIA== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P1 X-Arequestid: - - 32f78d7b37ce2fde2a6f0741cc0bd59f + - ddfeb3714c3598a803d35afe890aa0f2 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5405,17 +5621,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:09.687+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:29.670+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - cc256628-176c-4aa2-ab1d-971adbcf397e + - 0ea5aafc-2b64-46e2-a588-b4d7d70bd5a5 Atl-Traceid: - - cc256628176c4aa2ab1d971adbcf397e + - 0ea5aafc2b6446e2a588b4d7d70bd5a5 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5425,7 +5641,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:09 GMT + - Tue, 04 Nov 2025 18:02:29 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5435,7 +5651,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=328,atl-edge;dur=322,atl-edge-internal;dur=14,atl-edge-upstream;dur=308,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="ce3ctW-5-8CBNlZdjWfGm5XLeyvcFndBRZo0dYLQlQuS9f9vahsrmw==",cdn-downstream-fbl;dur=332 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=198,atl-edge;dur=175,atl-edge-internal;dur=14,atl-edge-upstream;dur=160,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="hm1eeI7e3RynwJYjjKvAf5FCmMsa5OWana5C6u_NXxV_jp2OpjPekA==",cdn-downstream-fbl;dur=201 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5445,15 +5661,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 82008a7e089b84e7f0a6d8d139a4e3de.cloudfront.net (CloudFront) + - 1.1 da745b01c27611dac38d175371cb7b54.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - ce3ctW-5-8CBNlZdjWfGm5XLeyvcFndBRZo0dYLQlQuS9f9vahsrmw== + - hm1eeI7e3RynwJYjjKvAf5FCmMsa5OWana5C6u_NXxV_jp2OpjPekA== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P2 X-Arequestid: - - eb80aa691e1c7ea8db1479c96fe6257c + - 3ed200499a43fc519641aa2dd72fbaf2 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5477,31 +5697,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:05.748+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:28.160+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* High *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -5511,9 +5731,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -5523,12 +5743,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 61ccfa73-717f-4072-9472-163f7a80f192 + - 2ed7b440-b994-467f-9323-aa4bcad1e65e Atl-Traceid: - - 61ccfa73717f40729472163f7a80f192 + - 2ed7b440b994467f9323aa4bcad1e65e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5538,7 +5758,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:11 GMT + - Tue, 04 Nov 2025 18:02:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5548,7 +5768,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=407,atl-edge;dur=405,atl-edge-internal;dur=17,atl-edge-upstream;dur=386,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="oF1l-2irq1VoYqMdL13w4yEX7wmDRiG8_xwopPO9oXZm5POuBNz84Q==",cdn-downstream-fbl;dur=411 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=308,atl-edge;dur=283,atl-edge-internal;dur=17,atl-edge-upstream;dur=267,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="Qy8aJ2Wbzi0R46MhwPjsDT0vqRGdejoHowouTYwUanEJ7Fi4NoPpkQ==",cdn-downstream-fbl;dur=312 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5558,15 +5778,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3e4f9c0400441c93ce3468dd26ef9ee4.cloudfront.net (CloudFront) + - 1.1 1a5bcf25cf6144683736a6579a7fb98e.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - oF1l-2irq1VoYqMdL13w4yEX7wmDRiG8_xwopPO9oXZm5POuBNz84Q== + - Qy8aJ2Wbzi0R46MhwPjsDT0vqRGdejoHowouTYwUanEJ7Fi4NoPpkQ== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P2 X-Arequestid: - - c1772ea9b8f14e4c17e8b1299c80f57f + - bcdd2be845605b1af6e83a93d85706d1 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5590,17 +5814,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:12.223+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:30.412+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - ab5e7821-b9e9-4f0d-85da-976006f76182 + - dc8a785e-7f1a-4ed3-8f3b-a44e6cc0d9f0 Atl-Traceid: - - ab5e7821b9e94f0d85da976006f76182 + - dc8a785e7f1a4ed38f3ba44e6cc0d9f0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5610,7 +5834,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:12 GMT + - Tue, 04 Nov 2025 18:02:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5620,7 +5844,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=328,atl-edge;dur=326,atl-edge-internal;dur=13,atl-edge-upstream;dur=313,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="wlxgtAjN1p2_Y5y5rRiy1xViSFIl0MicFhmFAIqo6eLMTHwxaaIcPw==",cdn-downstream-fbl;dur=333 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=189,atl-edge;dur=167,atl-edge-internal;dur=14,atl-edge-upstream;dur=153,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="hXD5-bcewdUjjXxgpMsngfnZa31qeEQo8u7qeeI4cawgXXo5_kGFCA==",cdn-downstream-fbl;dur=193 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5630,15 +5854,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e6e7ea42488c65b080113b45f9cdebb4.cloudfront.net (CloudFront) + - 1.1 9379390e7d447e1d911f7741c8ae2f24.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - wlxgtAjN1p2_Y5y5rRiy1xViSFIl0MicFhmFAIqo6eLMTHwxaaIcPw== + - hXD5-bcewdUjjXxgpMsngfnZa31qeEQo8u7qeeI4cawgXXo5_kGFCA== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN52-P1 X-Arequestid: - - f3ccb2ed019adea7ce5dda70d811082c + - 4c87fd04b308864ca1f62aab6b4ca418 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '347' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5662,31 +5890,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:05.748+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:28.160+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* High *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -5696,9 +5924,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -5708,12 +5936,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - d76f68f8-1644-400e-9b45-c19447794008 + - ef4afb82-570f-4e40-907f-d3e3f4ac01f8 Atl-Traceid: - - d76f68f81644400e9b45c19447794008 + - ef4afb82570f4e40907fd3e3f4ac01f8 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5723,7 +5951,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:13 GMT + - Tue, 04 Nov 2025 18:02:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5733,7 +5961,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=450,atl-edge;dur=448,atl-edge-internal;dur=20,atl-edge-upstream;dur=426,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="hpFST4gTmPiWY_ZuXU776uqtfLcJ5_PvH7fGjyP-4VHi00twq0S-fQ==",cdn-downstream-fbl;dur=453 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=298,atl-edge;dur=275,atl-edge-internal;dur=16,atl-edge-upstream;dur=259,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="Eey6fhnPCtbAksd0SHoiuMOPIrIJZ3QvuTZf_kaCxf81JCuIu6bDRg==",cdn-downstream-fbl;dur=301 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5743,15 +5971,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 cc5461804f39ae1b3956b0f75ed048ce.cloudfront.net (CloudFront) + - 1.1 db28001b9bfb563d1bfcaccd38c4436a.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - hpFST4gTmPiWY_ZuXU776uqtfLcJ5_PvH7fGjyP-4VHi00twq0S-fQ== + - Eey6fhnPCtbAksd0SHoiuMOPIrIJZ3QvuTZf_kaCxf81JCuIu6bDRg== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P1 X-Arequestid: - - b4b5f2a52eec893e2ccf8eff75a9a9a9 + - 4a65143fd32e1fb94325d3d02b65f1b3 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -5775,7 +6007,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
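Review bot: The re-recorded responses keep the recording user's account details in the fixture. The `X-Aaccountid` response header in the hunk at `@@ -5743,15 +5971,19 @@` (and again at -5821, -5930 and -6043) now carries `5d3878b170e3c90c952f91f6`, and the issue body re-recorded at `@@ -5962,31 +6202,31 @@` embeds `"emailAddress":"cody@defectdojo.com"` with the same `accountId`. The file looks like a vcrpy cassette; if so, both can be scrubbed at record time in a `before_record_response` hook that drops the header and replaces the body fields with placeholders such as `"emailAddress":"user@example.com"`. Scrubbing would also stop these lines changing on every re-record by a different maintainer, as the removed side (a different account and address) shows happened here. The per-request tracing headers (`Atl-Traceid`, `X-Amz-Cf-Id`, `X-Arequestid`) could go through the same hook if replay does not depend on them.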
@@ -5789,9 +6021,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - f44659d7-4b03-4f92-9aa1-49d40a6bb2c3 + - 26d68e00-fc97-4615-8c36-35fc6eb20bd4 Atl-Traceid: - - f44659d74b034f929aa149d40a6bb2c3 + - 26d68e00fc9746158c3635fc6eb20bd4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5801,7 +6033,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:15 GMT + - Tue, 04 Nov 2025 18:02:31 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -5811,7 +6043,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=495,atl-edge;dur=488,atl-edge-internal;dur=14,atl-edge-upstream;dur=474,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="kf1934QhBnHiCA0VJlgxA-tUUp9ypGZ1Z0wkPRWa4JRciHRl5uRn0A==",cdn-downstream-fbl;dur=499 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=367,atl-edge;dur=342,atl-edge-internal;dur=19,atl-edge-upstream;dur=324,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="qqGsJCw07be3XxAxHmleKdXeyaaYfHzftA96yWBHzgeefUuQlTO9EQ==",cdn-downstream-fbl;dur=371 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -5821,18 +6053,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b96ad58427ffff8b9d3959350f8c9f16.cloudfront.net (CloudFront) + - 1.1 272eaf2883bb602816447bd7132021d2.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - kf1934QhBnHiCA0VJlgxA-tUUp9ypGZ1Z0wkPRWa4JRciHRl5uRn0A== + - qqGsJCw07be3XxAxHmleKdXeyaaYfHzftA96yWBHzgeefUuQlTO9EQ== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P1 X-Arequestid: - - bee7d2e295024835e7a21e2acfbb1dce + - b59f40b78e4805b78dc498f71f2d354a + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5846,20 +6082,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* Medium *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -5869,8 +6105,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n *CWE:* + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -5894,17 +6130,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - f02be48b-5d7f-465c-b9f5-8a5ff38c5ae7 + - 13a948f5-f71b-4862-9552-c33a25c0439a Atl-Traceid: - - f02be48b5d7f465cb9f58a5ff38c5ae7 + - 13a948f5f71b48629552c33a25c0439a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5912,7 +6148,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:16 GMT + - Tue, 04 Nov 2025 18:02:32 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -5922,7 +6158,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=700,atl-edge;dur=697,atl-edge-internal;dur=15,atl-edge-upstream;dur=681,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="ov56-66LB7eHtH8tKi3qAJrliv2cjrVG5cfJGPa1NG5G3Vmnuwz03A==",cdn-downstream-fbl;dur=704 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=560,atl-edge;dur=536,atl-edge-internal;dur=17,atl-edge-upstream;dur=520,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="G_nlrRB-sJiE1FRGZKzb9-SDjnLhxEHBZGxZThGVXO5FwA9YXoy_Ow==",cdn-downstream-fbl;dur=565 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -5930,15 +6166,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 4682ab309f4f72758d209c996a38d094.cloudfront.net (CloudFront) + - 1.1 9062d4391fad2aec3a7d6f3edcebc662.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - ov56-66LB7eHtH8tKi3qAJrliv2cjrVG5cfJGPa1NG5G3Vmnuwz03A== + - G_nlrRB-sJiE1FRGZKzb9-SDjnLhxEHBZGxZThGVXO5FwA9YXoy_Ow== X-Amz-Cf-Pop: - - SYD3-P2 + - DEN53-P2 X-Arequestid: - - 8bca410ec14b4d5960f61f22f4e21125 + - f3a36fc91e1f81cbe921f0cbd84eaf37 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5962,31 +6202,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:16.303+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:31.787+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* Medium *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -5996,8 +6236,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -6008,12 +6248,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - f2bb83a7-fcad-408b-992c-8965df074531 + - 0c38a635-3b3e-4910-9c5d-2f6a1c4cc2a3 Atl-Traceid: - - f2bb83a7fcad408b992c8965df074531 + - 0c38a6353b3e49109c5d2f6a1c4cc2a3 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6023,7 +6263,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:17 GMT + - Tue, 04 Nov 2025 18:02:32 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6033,7 +6273,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=415,atl-edge;dur=413,atl-edge-internal;dur=16,atl-edge-upstream;dur=397,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="cuBJur0jYF5Sz6orVCcBpV7XgdNGnYrF17hRd9gQ0f_JLJPUfFKZYg==",cdn-downstream-fbl;dur=420 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=259,atl-edge;dur=236,atl-edge-internal;dur=16,atl-edge-upstream;dur=220,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="Xiw3f1mCwgx6460JhWRmS5qzMM_ICjpNWNWUnO1U3a52_vIGhNlNLQ==",cdn-downstream-fbl;dur=263 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6043,15 +6283,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 4ab519b4cd27a1b8a4b258d7f39bbc7e.cloudfront.net (CloudFront) + - 1.1 98d9402866aa771c6e6bbecb98c200aa.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - cuBJur0jYF5Sz6orVCcBpV7XgdNGnYrF17hRd9gQ0f_JLJPUfFKZYg== + - Xiw3f1mCwgx6460JhWRmS5qzMM_ICjpNWNWUnO1U3a52_vIGhNlNLQ== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P1 X-Arequestid: - - a27a5e0f41ae92f4fda04e384837f4b9 + - a3a53d0a7e425f419a7174ea00993c37 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
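Review bot: The re-recorded `X-Aaccountid` value in the `@@ -6043,15 +6283,19 @@` hunk commits the recording user's Atlassian account id into the fixture. The response bodies in the `@@ -6147,31 +6395,31 @@` hunk repeat that id next to `emailAddress` and `displayName` under `creator` and `reporter`, and the same header recurs in the `-6115`, `-6228` and `-6300` hunks. This looks like a vcrpy cassette, whose `filter_headers` option covers request headers only, so scrubbing has to happen in a `before_record_response` callback, e.g. `response["headers"].pop("X-Aaccountid", None)` plus a substitution of the identity fields in the body with fixed placeholders. The recorder configuration is not visible in this diff, so confirm whether such a hook already exists and that no test asserts on these values. With it in place, re-recording would stop swapping one maintainer's identity for another and these hunks would shrink to the fields the tests actually depend on.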
@@ -6075,17 +6319,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:18.996+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:32.594+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 93436a4d-e21f-46c2-9504-7bd393ed51bd + - f896cac3-c253-4eff-a552-e3465f3b8464 Atl-Traceid: - - 93436a4de21f46c295047bd393ed51bd + - f896cac3c2534effa552e3465f3b8464 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6095,7 +6339,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:19 GMT + - Tue, 04 Nov 2025 18:02:32 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6105,7 +6349,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=311,atl-edge;dur=310,atl-edge-internal;dur=12,atl-edge-upstream;dur=297,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="Bdg8X8QplHvORUIRCFwu3B46RW87UxYNAD6dUq3PLsXuliiqdAoanA==",cdn-downstream-fbl;dur=315 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=202,atl-edge;dur=177,atl-edge-internal;dur=19,atl-edge-upstream;dur=160,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="W5cGxk-h4odaQxyMDqhKlF9wwqCPm0MV9su9qQjvj4zbL5imSb7j0w==",cdn-downstream-fbl;dur=205 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6115,15 +6359,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 ddbdc753f03fb9542b090928fc2d074a.cloudfront.net (CloudFront) + - 1.1 d18c8670421cff5c9fa297b260cb2814.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - Bdg8X8QplHvORUIRCFwu3B46RW87UxYNAD6dUq3PLsXuliiqdAoanA== + - W5cGxk-h4odaQxyMDqhKlF9wwqCPm0MV9su9qQjvj4zbL5imSb7j0w== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P2 X-Arequestid: - - cedf3130752c69bb6bfec1b1de700232 + - 6863671811f04aede958d531f927fc9b + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6147,31 +6395,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:16.303+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:31.787+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* Medium *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -6181,8 +6429,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -6193,12 +6441,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - cb991777-76b6-4375-b9e7-8652e1e90ee9 + - 1568bced-3eeb-443f-abf4-67c78967c96f Atl-Traceid: - - cb99177776b64375b9e78652e1e90ee9 + - 1568bced3eeb443fabf467c78967c96f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6208,7 +6456,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:20 GMT + - Tue, 04 Nov 2025 18:02:33 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6218,7 +6466,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=428,atl-edge;dur=427,atl-edge-internal;dur=17,atl-edge-upstream;dur=409,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="zMQy3jJ641KThoVTrpgFW-Dt67aR7PN3k1hRvcqnjQK019Z9Jl6RzQ==",cdn-downstream-fbl;dur=433 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=308,atl-edge;dur=285,atl-edge-internal;dur=18,atl-edge-upstream;dur=267,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="Zmh-PTuHoi8Wz9yaxe3JQqsS1gucXJ0zR_BNggfl_y04kQ737GiKwg==",cdn-downstream-fbl;dur=312 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6228,15 +6476,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3d26345933183b6a437e0f8ba3c37df8.cloudfront.net (CloudFront) + - 1.1 86b6aab4b36e97123c5f76cc2e3ac8ec.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - zMQy3jJ641KThoVTrpgFW-Dt67aR7PN3k1hRvcqnjQK019Z9Jl6RzQ== + - Zmh-PTuHoi8Wz9yaxe3JQqsS1gucXJ0zR_BNggfl_y04kQ737GiKwg== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P1 X-Arequestid: - - 8bb6d96117d6cc9b4f67f0ec8e126b04 + - 1574c10e7f6fb37c538e545415c4bdd8 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6260,17 +6512,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:21.535+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:33.308+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 48c68e59-ff64-4946-9a56-f9f5d8fd1966 + - 295e2098-a67e-4e03-844a-fc073a9000a4 Atl-Traceid: - - 48c68e59ff6449469a56f9f5d8fd1966 + - 295e2098a67e4e03844afc073a9000a4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6280,7 +6532,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:21 GMT + - Tue, 04 Nov 2025 18:02:33 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6290,7 +6542,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=344,atl-edge;dur=342,atl-edge-internal;dur=14,atl-edge-upstream;dur=329,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="IeVebs2HQlaZdB5sqM0Nsy4LdmKP-OpQWmsvw9NCY7AjHThmNbsUqw==",cdn-downstream-fbl;dur=348 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=268,atl-edge;dur=180,atl-edge-internal;dur=18,atl-edge-upstream;dur=159,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="5w4SsVzYCnEby_tzpIqXDOGfyOAiKRC2lRTWddWsv6lduT-A9No-PA==",cdn-downstream-fbl;dur=272 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6300,15 +6552,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e3d6764a647541ed814ff5842b8b1476.cloudfront.net (CloudFront) + - 1.1 9d0c0f607ed2753212b70ce75683881e.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - IeVebs2HQlaZdB5sqM0Nsy4LdmKP-OpQWmsvw9NCY7AjHThmNbsUqw== + - 5w4SsVzYCnEby_tzpIqXDOGfyOAiKRC2lRTWddWsv6lduT-A9No-PA== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P3 X-Arequestid: - - 302209279622f2e9ea01e1106667e9e1 + - 9f8a86f14c9aab40078ee3ccc6b383bc + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6332,31 +6588,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:16.303+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:31.787+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* Medium *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -6366,8 +6622,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -6378,12 +6634,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - bb6fe927-bb9f-4bd1-a81a-4090ec8dc0ff + - 32e21ec6-d322-48c1-9104-6a4b55975dc7 Atl-Traceid: - - bb6fe927bb9f4bd1a81a4090ec8dc0ff + - 32e21ec6d32248c191046a4b55975dc7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6393,7 +6649,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:22 GMT + - Tue, 04 Nov 2025 18:02:33 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6403,7 +6659,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=414,atl-edge;dur=411,atl-edge-internal;dur=15,atl-edge-upstream;dur=396,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="595hAZhQqjmcQBHd1Egqkm6ZHYTolXHMzywNsdhTNZHdz6WnFtTQ-A==",cdn-downstream-fbl;dur=419 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=310,atl-edge;dur=287,atl-edge-internal;dur=17,atl-edge-upstream;dur=270,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="S8JDi7gASAqQRgM9mClF2vcbWBlgDmU43jXkmvp6E3qqrfF9OUWEqg==",cdn-downstream-fbl;dur=314 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6413,15 +6669,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 7bda591fa44b42ef6384ae955fdd5d7c.cloudfront.net (CloudFront) + - 1.1 057707d7f80ca305efe5fad72e15b94c.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 595hAZhQqjmcQBHd1Egqkm6ZHYTolXHMzywNsdhTNZHdz6WnFtTQ-A== + - S8JDi7gASAqQRgM9mClF2vcbWBlgDmU43jXkmvp6E3qqrfF9OUWEqg== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P3 X-Arequestid: - - 91f326b1510687313bb3f3efa259ad63 + - c7eacd26c03d831698066a736bce84b1 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6445,17 +6705,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:24.066+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:34.077+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 1e14899d-fec7-4213-b71f-1b8fe90aa415 + - 06dbdc39-0311-47f8-b906-d9fd82535f8d Atl-Traceid: - - 1e14899dfec74213b71f1b8fe90aa415 + - 06dbdc39031147f8b906d9fd82535f8d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6465,7 +6725,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:24 GMT + - Tue, 04 Nov 2025 18:02:34 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6475,7 +6735,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=333,atl-edge;dur=329,atl-edge-internal;dur=14,atl-edge-upstream;dur=315,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="nVFu2RBdrP-ld85Vbk3Fw2EMtu0hCjboSsqYDDXjKQ7J1PiXwE-l6g==",cdn-downstream-fbl;dur=336 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=202,atl-edge;dur=179,atl-edge-internal;dur=16,atl-edge-upstream;dur=164,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="GOYaMNJjoXVZli20mbVW0g3t8lc73E_GRlEF9aQQBl__IfezzmDZ0A==",cdn-downstream-fbl;dur=207 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6485,15 +6745,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a97b28e298ec5907aa1d86d22bc232a0.cloudfront.net (CloudFront) + - 1.1 b1a94c3ca6429736112e2213a359c78a.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - nVFu2RBdrP-ld85Vbk3Fw2EMtu0hCjboSsqYDDXjKQ7J1PiXwE-l6g== + - GOYaMNJjoXVZli20mbVW0g3t8lc73E_GRlEF9aQQBl__IfezzmDZ0A== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P3 X-Arequestid: - - 3790b3e665db34ced97b98233f3121ee + - 166986c9991bdf435aff80675b7f872b + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '347' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6517,31 +6781,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:16.303+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:31.787+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* Medium *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -6551,8 +6815,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -6563,12 +6827,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 7cb7785a-9135-4343-a23f-d17b9347d600 + - 28b2cda1-0c97-4c69-80ca-3a86d6495f8b Atl-Traceid: - - 7cb7785a91354343a23fd17b9347d600 + - 28b2cda10c974c6980ca3a86d6495f8b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6578,7 +6842,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:25 GMT + - Tue, 04 Nov 2025 18:02:34 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6588,7 +6852,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=411,atl-edge;dur=407,atl-edge-internal;dur=15,atl-edge-upstream;dur=392,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="9YWH1fQ6-XnCRHGsSa90zsK2QCp2Ewyx-MKEdiPL8uXKKcNArbxVhQ==",cdn-downstream-fbl;dur=415 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=281,atl-edge;dur=258,atl-edge-internal;dur=16,atl-edge-upstream;dur=242,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="30aCFrMyTvzA6QXBfYx1ZW4LjaiDACISKsHmdH3EGQRcsP7SHVqevg==",cdn-downstream-fbl;dur=285 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6598,15 +6862,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9f543b41d91998db89601c7fae0f18c2.cloudfront.net (CloudFront) + - 1.1 b1a94c3ca6429736112e2213a359c78a.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 9YWH1fQ6-XnCRHGsSa90zsK2QCp2Ewyx-MKEdiPL8uXKKcNArbxVhQ== + - 30aCFrMyTvzA6QXBfYx1ZW4LjaiDACISKsHmdH3EGQRcsP7SHVqevg== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P3 X-Arequestid: - - 55c1f48c7fddfc0efb6ce1119c473814 + - 8d37bcebb95e3160bd9dae0333c3900b + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '396' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -6630,7 +6898,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
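Review bot: The re-recorded `X-Aaccountid` header in the `@@ -6598,15 +6862,19 @@` hunk stores the recording user's Atlassian account id in the fixture, and the response body re-recorded in the `@@ -6817,31 +7093,31 @@` hunk carries the same account's `emailAddress`, `displayName` and `accountId`. The same header value repeats in the `@@ -6676,18 +6944,22 @@`, `@@ -6785,15 +7057,19 @@` and `@@ -6898,15 +7174,19 @@` hunks. The old side held the equivalent data for a different account, so this looks like a property of how the cassette is recorded rather than something this commit introduces, but every re-recording commits another person's identifiers and churns these lines. If the tests do not assert on these values, they could be scrubbed at record time to fixed placeholders such as `X-Aaccountid: - REDACTED`. The cassette format looks like vcrpy's, where a `before_record_response` hook can rewrite the header and the `creator`/`reporter` objects, but the recorder configuration is not visible in this diff, so that needs confirming.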
@@ -6644,9 +6912,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 860e22e3-b6f7-4539-b2af-9f9444789bd1 + - 5cb85511-2e94-43ba-bc7e-cb4c1c56d866 Atl-Traceid: - - 860e22e3b6f74539b2af9f9444789bd1 + - 5cb855112e9443babc7ecb4c1c56d866 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6656,7 +6924,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:26 GMT + - Tue, 04 Nov 2025 18:02:34 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -6666,7 +6934,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=504,atl-edge;dur=502,atl-edge-internal;dur=14,atl-edge-upstream;dur=487,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="d8uY-VdXj-N6zj97EaHn-2slpA9E70yQ21SmgsNyGrj6W2EBoqAYxQ==",cdn-downstream-fbl;dur=507 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=323,atl-edge;dur=300,atl-edge-internal;dur=16,atl-edge-upstream;dur=283,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="UTnXXrNGyq-Ixf3YtPiPvKLHb172wh3ukKpTHeJ5P0ctQRjI4F7gPg==",cdn-downstream-fbl;dur=326 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -6676,18 +6944,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9478009849c2f6b9551c4c5c23842910.cloudfront.net (CloudFront) + - 1.1 66b4cf5fe1131d403a242f2f9f334158.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - d8uY-VdXj-N6zj97EaHn-2slpA9E70yQ21SmgsNyGrj6W2EBoqAYxQ== + - UTnXXrNGyq-Ixf3YtPiPvKLHb172wh3ukKpTHeJ5P0ctQRjI4F7gPg== X-Amz-Cf-Pop: - - SYD3-P2 + - DEN52-P3 X-Arequestid: - - a3600f900a676b3a32dc23ec383b70d8 + - a069f61a8ac5604f7792c5ba426a342f + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6701,20 +6973,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -6724,8 +6996,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n *CWE:* + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -6745,21 +7017,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3531' + - '3530' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - ec26d2f8-f396-4d20-812c-cd4f8ba07231 + - ac6e0b47-49a9-46db-a88c-1c9b8c8714b2 Atl-Traceid: - - ec26d2f8f3964d20812ccd4f8ba07231 + - ac6e0b4749a946dba88c1c9b8c8714b2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6767,7 +7039,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:28 GMT + - Tue, 04 Nov 2025 18:02:35 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -6777,7 +7049,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=710,atl-edge;dur=707,atl-edge-internal;dur=15,atl-edge-upstream;dur=692,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="Z_0Onz-4EAW-0Pm8K9BgFcF-V_POpqKjP5jAZuVZo_Mbi65kGMN1-w==",cdn-downstream-fbl;dur=713 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=779,atl-edge;dur=755,atl-edge-internal;dur=18,atl-edge-upstream;dur=737,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="irL834izS-OYI0_8uL515V7w_BLDXG2LymmClVTiSFH2U5AC3jZx1w==",cdn-downstream-fbl;dur=784 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -6785,15 +7057,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2e2023905a055fb3a137d4ecfec97d0e.cloudfront.net (CloudFront) + - 1.1 a7c0ba01db75946f7df3f7eaf69984b6.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - Z_0Onz-4EAW-0Pm8K9BgFcF-V_POpqKjP5jAZuVZo_Mbi65kGMN1-w== + - irL834izS-OYI0_8uL515V7w_BLDXG2LymmClVTiSFH2U5AC3jZx1w== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN52-P2 X-Arequestid: - - 16beae5fd4d5a4a2694940d03f18fcf9 + - 0b99efe7925c20669d0dde45dd27eef4 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6817,31 +7093,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:28.106+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:35.656+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -6851,8 +7127,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -6863,12 +7139,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - f192d8c3-df4e-4b67-8248-f41d77c1c341 + - c4cee2ba-8ec5-4981-82db-dbff0edc2657 Atl-Traceid: - - f192d8c3df4e4b678248f41d77c1c341 + - c4cee2ba8ec5498182dbdbff0edc2657 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6878,7 +7154,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:29 GMT + - Tue, 04 Nov 2025 18:02:36 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6888,7 +7164,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=425,atl-edge;dur=423,atl-edge-internal;dur=16,atl-edge-upstream;dur=407,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="jEEwB4sLvUL_pRnhb5CM-ttXTqIbtsFJ1Sgql2nE4aovDNDkkKDxCA==",cdn-downstream-fbl;dur=428 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=272,atl-edge;dur=249,atl-edge-internal;dur=17,atl-edge-upstream;dur=232,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="IEFnfQxZL_y0ZHrTyPdPAyUstPTMb7PdW8rqvbT45w0xgF-EB11lPQ==",cdn-downstream-fbl;dur=276 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6898,15 +7174,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 59067266959db6ef629f60366c4dee48.cloudfront.net (CloudFront) + - 1.1 befcfd7ee847a3c890471f27612dbcde.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - jEEwB4sLvUL_pRnhb5CM-ttXTqIbtsFJ1Sgql2nE4aovDNDkkKDxCA== + - IEFnfQxZL_y0ZHrTyPdPAyUstPTMb7PdW8rqvbT45w0xgF-EB11lPQ== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P2 X-Arequestid: - - 71ce21f341826f1ccc9af2da7e9a1a65 + - ee30362c6c652b26dbe77bbd8a8e1226 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6932,17 +7212,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/transitions + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/transitions response: body: string: '' headers: Atl-Request-Id: - - 3eb1cbc5-968c-4de6-9e70-1afc25968bb4 + - 88795a8f-0446-4486-8b01-94aa6086d89d Atl-Traceid: - - 3eb1cbc5968c4de69e701afc25968bb4 + - 88795a8f044644868b0194aa6086d89d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6950,7 +7230,7 @@ interactions: Content-Type: - text/html;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:31 GMT + - Tue, 04 Nov 2025 18:02:36 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -6960,7 +7240,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=614,atl-edge;dur=609,atl-edge-internal;dur=15,atl-edge-upstream;dur=594,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="CsZOpBptDzkIbsZobAq4r0rYv-F_qUU8UUxqn65VQYTwh1Tz0_opug==",cdn-downstream-fbl;dur=617 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=594,atl-edge;dur=501,atl-edge-internal;dur=21,atl-edge-upstream;dur=481,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="hinoF4kJkunQNqxVpGq9aYFk_kOPIredaUFg1TdQ0U1lA8Ha5PuFzA==",cdn-downstream-fbl;dur=598 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -6968,15 +7248,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2a6cd2383f2f70d74f5acfbb719135b8.cloudfront.net (CloudFront) + - 1.1 d7b3fa0ef559ab3ac226fc78e47d311a.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - CsZOpBptDzkIbsZobAq4r0rYv-F_qUU8UUxqn65VQYTwh1Tz0_opug== + - hinoF4kJkunQNqxVpGq9aYFk_kOPIredaUFg1TdQ0U1lA8Ha5PuFzA== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P1 X-Arequestid: - - 60a6b34fa410f27f9f9e05ac695f6ecf + - c88049880f993932b4f9398331d24f97 + X-Beta-Ratelimit-Limit: + - '200' + X-Beta-Ratelimit-Remaining: + - '199' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7000,17 +7284,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:32.364+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:37.119+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 618a7a64-03be-48b8-8d9d-739ac89ec899 + - 2771b662-4b46-499a-aaf3-2ffb6229ca81 Atl-Traceid: - - 618a7a6403be48b88d9d739ac89ec899 + - 2771b6624b46499aaaf32ffb6229ca81 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7020,7 +7304,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:32 GMT + - Tue, 04 Nov 2025 18:02:37 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7030,7 +7314,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=358,atl-edge;dur=353,atl-edge-internal;dur=15,atl-edge-upstream;dur=337,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="2f-Z0Vn7BaLIkqBenmNJ1qJ0I6_JEIrj7W3oHJcX1lqhkHESqbrsow==",cdn-downstream-fbl;dur=362 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=201,atl-edge;dur=177,atl-edge-internal;dur=17,atl-edge-upstream;dur=161,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="zWEDoTZAzfgL-0o_rHae_HfM387v5AsBKgmiDF8S6izbyT9IlNQ6TA==",cdn-downstream-fbl;dur=204 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7040,15 +7324,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b39f0409e845bde1b97cd11f1d544d4e.cloudfront.net (CloudFront) + - 1.1 3fddcbe99f78632bf14e5e80e6c14058.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 2f-Z0Vn7BaLIkqBenmNJ1qJ0I6_JEIrj7W3oHJcX1lqhkHESqbrsow== + - zWEDoTZAzfgL-0o_rHae_HfM387v5AsBKgmiDF8S6izbyT9IlNQ6TA== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P2 X-Arequestid: - - b54d49fdcf7fd373faf25050d4cdd82a + - 6d3bb40d7f6dc856eb5acf3c920edb4f + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7072,32 +7360,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:30.923+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:36.581+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:30.922+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:36.580+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -7107,8 +7395,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
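Review bot: The re-recorded response body in the `@@ -7072,32 +7360,32 @@` hunk stores a maintainer's real `emailAddress`, `accountId` and Gravatar hash in the `creator` and `reporter` objects. The header hunks of the same cassette (for example `@@ -6898,15 +7174,19 @@`) record the same id under `X-Aaccountid`, and the later copies of this issue body repeat it. The test presumably does not assert on these values, so they could be scrubbed at record time, for instance with a vcrpy `before_record_response` hook that rewrites them to fixed placeholders such as `"emailAddress":"user@example.invalid"`. That would also stop each re-record from churning these lines. Only part of each interaction's request headers is visible here, so it is worth confirming that `Authorization` is covered by `filter_headers`.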
@@ -7119,12 +7407,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 142d47d4-68b7-4bd2-95a7-43f40cd1052d + - 1c5abdf4-3914-4f5d-a876-4c4e68f8a09f Atl-Traceid: - - 142d47d468b74bd295a743f40cd1052d + - 1c5abdf439144f5da8764c4e68f8a09f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7134,7 +7422,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:33 GMT + - Tue, 04 Nov 2025 18:02:37 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7144,7 +7432,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=418,atl-edge;dur=416,atl-edge-internal;dur=14,atl-edge-upstream;dur=402,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="yMO1Lh51rWInQUC6hxUdPDPgvOsr6ktYwykw7kP_BbhkDxNc9qPoHQ==",cdn-downstream-fbl;dur=421 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=379,atl-edge;dur=287,atl-edge-internal;dur=20,atl-edge-upstream;dur=265,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="9cxUthhe0oOIKEM0V1U6EJk_8fcGOFqyjzLWHgRzC0VocNRmJHN9KQ==",cdn-downstream-fbl;dur=383 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7154,15 +7442,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3e61a2014e7d26249915c64513c0b4f2.cloudfront.net (CloudFront) + - 1.1 81c07f42f70c1aec766dc553e24f3864.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - yMO1Lh51rWInQUC6hxUdPDPgvOsr6ktYwykw7kP_BbhkDxNc9qPoHQ== + - 9cxUthhe0oOIKEM0V1U6EJk_8fcGOFqyjzLWHgRzC0VocNRmJHN9KQ== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P1 X-Arequestid: - - 0c328a5f428f4803e5bc6162e4cfc0e9 + - 835607e3053047c761aa5c91f7e0a434 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7186,17 +7478,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:34.833+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:37.910+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - df1d9a92-3007-4a77-8e14-7e049e41d575 + - 5b91aeac-74eb-4042-9faf-7ee67acafa0e Atl-Traceid: - - df1d9a9230074a778e147e049e41d575 + - 5b91aeac74eb40429faf7ee67acafa0e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7206,7 +7498,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:34 GMT + - Tue, 04 Nov 2025 18:02:37 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7216,7 +7508,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=323,atl-edge;dur=321,atl-edge-internal;dur=16,atl-edge-upstream;dur=306,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="_aa8seReyjY4Q9xnBWQK3idrX8nMwlxI9fX7yC4sVEyrMYZWkd1oew==",cdn-downstream-fbl;dur=327 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=262,atl-edge;dur=173,atl-edge-internal;dur=18,atl-edge-upstream;dur=154,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="w9HcJnW4ya4xOv-WC42GmXRHifLJNmmMsa7EIx-8zZhn5GO2sJETAw==",cdn-downstream-fbl;dur=265 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7226,15 +7518,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c44c600db483eb2098670fa47c16d840.cloudfront.net (CloudFront) + - 1.1 0ec4ee481d2d7e134f4c87a9b9fc4e06.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - _aa8seReyjY4Q9xnBWQK3idrX8nMwlxI9fX7yC4sVEyrMYZWkd1oew== + - w9HcJnW4ya4xOv-WC42GmXRHifLJNmmMsa7EIx-8zZhn5GO2sJETAw== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P2 X-Arequestid: - - e29d883ef0e105ca443d1f81780112ec + - 1f0f20862036e67e517c2ea31fb6bf8b + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7258,32 +7554,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:30.923+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:36.581+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:30.922+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:36.580+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -7293,8 +7589,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
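Review bot: The re-recorded issue response in this hunk commits the recording user's `emailAddress`, `displayName`, gravatar hash and `accountId` inside the `creator` and `reporter` objects, and the header hunks before and after it repeat the same account id in `X-Aaccountid`. A replayed issue lookup is unlikely to depend on any of these values, so they should be scrubbed when the cassette is recorded rather than stored in the repository. If the cassettes are written by vcrpy, as the `interactions:` layout suggests, a `before_record_response` hook can rewrite those JSON fields and drop or overwrite the `X-Aaccountid` header with a fixed placeholder such as `accountId: "REDACTED"`. The removed lines show a different account on the old side, so scrubbing would also stop every re-record from churning these lines.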
@@ -7305,12 +7601,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 90e6857e-afb4-46c5-98aa-c6b22411c647 + - 3102e328-9341-48c0-87f1-fac846f0479f Atl-Traceid: - - 90e6857eafb446c598aac6b22411c647 + - 3102e328934148c087f1fac846f0479f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7320,7 +7616,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:36 GMT + - Tue, 04 Nov 2025 18:02:38 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7330,7 +7626,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=430,atl-edge;dur=428,atl-edge-internal;dur=14,atl-edge-upstream;dur=413,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="TrH92-xsGIhpkPxjnshiaI50r82dUkzOZzXH__n0fF7FIb3z97HiiQ==",cdn-downstream-fbl;dur=434 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=272,atl-edge;dur=249,atl-edge-internal;dur=17,atl-edge-upstream;dur=233,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="Q1yTY_KYiQGdw1sg51d9MDHhbpncBiQ5GIhnYq8sNAZSvT35nIWIHA==",cdn-downstream-fbl;dur=275 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7340,15 +7636,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 6eb4925a459e5104745cfd7f77596766.cloudfront.net (CloudFront) + - 1.1 be287e7673276d1e72db92a6f145d6f0.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - TrH92-xsGIhpkPxjnshiaI50r82dUkzOZzXH__n0fF7FIb3z97HiiQ== + - Q1yTY_KYiQGdw1sg51d9MDHhbpncBiQ5GIhnYq8sNAZSvT35nIWIHA== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P1 X-Arequestid: - - caa2dcecdf3d639f1145c994770919c0 + - 87efe3c9a1d9479690e8f6a2afc128de + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7372,17 +7672,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:37.493+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:38.634+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - a92d6525-f637-4578-a429-0bc3aacab9ac + - f09f13bb-6bff-4e89-b9b2-27496af5197e Atl-Traceid: - - a92d6525f6374578a4290bc3aacab9ac + - f09f13bb6bff4e89b9b227496af5197e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7392,7 +7692,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:37 GMT + - Tue, 04 Nov 2025 18:02:38 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7402,7 +7702,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=325,atl-edge;dur=323,atl-edge-internal;dur=14,atl-edge-upstream;dur=309,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="S9VD-wsJipitOgc74rj5qQigBcwEgjhVLk3wo0G9do61rDst6J6NsQ==",cdn-downstream-fbl;dur=328 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=194,atl-edge;dur=171,atl-edge-internal;dur=14,atl-edge-upstream;dur=157,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="yxQ51jK65LA7XZPIWd5HhQ-XmUXZS62bxZr7SnScQq_IXmUlcR-R-Q==",cdn-downstream-fbl;dur=199 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7412,15 +7712,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2db2695e7e4ed9660f2422e6ea5c01e4.cloudfront.net (CloudFront) + - 1.1 d1f45df4933065053cea3fd574dc6f20.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - S9VD-wsJipitOgc74rj5qQigBcwEgjhVLk3wo0G9do61rDst6J6NsQ== + - yxQ51jK65LA7XZPIWd5HhQ-XmUXZS62bxZr7SnScQq_IXmUlcR-R-Q== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P1 X-Arequestid: - - 27cdec19431783f2459745f27f8840a0 + - 7a28763ee8b48feccc860cc348673990 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '347' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -7444,7 +7748,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -7458,9 +7762,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 558cb70a-406b-4b35-b284-2748c7e33752 + - 9f121170-5613-49b2-9458-36faa4027b83 Atl-Traceid: - - 558cb70a406b4b35b2842748c7e33752 + - 9f121170561349b2945836faa4027b83 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7470,7 +7774,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:39 GMT + - Tue, 04 Nov 2025 18:02:39 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -7480,7 +7784,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=508,atl-edge;dur=507,atl-edge-internal;dur=19,atl-edge-upstream;dur=488,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="InwEorUHv5Mq8QQG8hUpNCE4Fg0lsF8_YS2pVQK5LgeHXUsahWqn5Q==",cdn-downstream-fbl;dur=512 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=377,atl-edge;dur=353,atl-edge-internal;dur=23,atl-edge-upstream;dur=325,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="rjavgbg41Lw3jUfrFCPvDVqm_0Kd6HGOUfIiAMaZRKUcB5-F7hWpsw==",cdn-downstream-fbl;dur=380 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -7490,18 +7794,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 00f0469d54a973389150a36c64065326.cloudfront.net (CloudFront) + - 1.1 88bce767af5e31f726ade38ea5253bd4.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - InwEorUHv5Mq8QQG8hUpNCE4Fg0lsF8_YS2pVQK5LgeHXUsahWqn5Q== + - rjavgbg41Lw3jUfrFCPvDVqm_0Kd6HGOUfIiAMaZRKUcB5-F7hWpsw== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P2 X-Arequestid: - - 0ed9cb8e7dc240b0707dd60d4bb5d3f4 + - 5d7b16c4113abcc24cb4933892410004 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7514,11 +7822,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Jira Api Test 2", "description": "\n\n\n\n\n\n\n*Title*: [Jira Api - Test 2|http://localhost:8080/finding/252]\n\n*Defect Dojo link:* http://localhost:8080/finding/252 - (252)\n\n*Severity:* Medium\n\n\n*Due Date:* Oct. 23, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + Test 2|http://localhost:8080/finding/240]\n\n*Defect Dojo link:* http://localhost:8080/finding/240 + (240)\n\n*Severity:* Medium\n\n\n*Due Date:* Feb. 2, 2026\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + / [NPM Audit Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header 
@@ -7537,21 +7845,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1445' + - '1444' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"21269","key":"NTEST-3090","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21269"}' + string: '{"id":"23616","key":"NTEST-3175","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616"}' headers: Atl-Request-Id: - - 3ff63dc5-ebcd-4ac4-a2c8-d5f24927ba42 + - 6b2750a9-1062-4dc5-b3ec-61f0097a0872 Atl-Traceid: - - 3ff63dc5ebcd4ac4a2c8d5f24927ba42 + - 6b2750a910624dc5b3ec61f0097a0872 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7559,7 +7867,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:40 GMT + - Tue, 04 Nov 2025 18:02:40 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -7569,7 +7877,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=860,atl-edge;dur=858,atl-edge-internal;dur=13,atl-edge-upstream;dur=845,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="RtrZz_FglFXJZkS5BAOBPwdXJU23BXlvAFFM0NZhZrMA-4c03Vatdg==",cdn-downstream-fbl;dur=864 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=726,atl-edge;dur=703,atl-edge-internal;dur=14,atl-edge-upstream;dur=688,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="tnaIJlYR3CEPOa40bygU6PTgmnQMkfQNisxxl2V6s5tH_crOqMjSnA==",cdn-downstream-fbl;dur=729 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -7579,15 +7887,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 74ae22067fef6f6228fb9f864f22f58a.cloudfront.net (CloudFront) + - 1.1 21d788b44c2b3d335a275c07a54548b6.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - RtrZz_FglFXJZkS5BAOBPwdXJU23BXlvAFFM0NZhZrMA-4c03Vatdg== + - tnaIJlYR3CEPOa40bygU6PTgmnQMkfQNisxxl2V6s5tH_crOqMjSnA== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P3 X-Arequestid: - - c92f0bdd5bb87393e5f7f4bdf2aa9fbb + - a2f8f1918bc73d63154c68803bf11a34 + X-Beta-Ratelimit-Limit: + - '200' + X-Beta-Ratelimit-Remaining: + - '199' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7611,23 +7923,23 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3090 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21269","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21269","key":"NTEST-3090","fields":{"statuscategorychangedate":"2025-07-25T21:04:40.572+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23616","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616","key":"NTEST-3175","fields":{"statuscategorychangedate":"2025-11-04T19:02:39.969+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3090/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3090/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:04:40.315+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i0129b:","updated":"2025-07-25T21:04:40.391+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n*Title*: - [Jira Api Test 2|http://localhost:8080/finding/252]\n\n*Defect Dojo link:* - http://localhost:8080/finding/252 (252)\n\n*Severity:* Medium\n\n\n*Due Date:* - Oct. 
23, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:39.717+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sv:","updated":"2025-11-04T19:02:39.806+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n*Title*: + [Jira Api Test 2|http://localhost:8080/finding/240]\n\n*Defect Dojo link:* + http://localhost:8080/finding/240 (240)\n\n*Severity:* Medium\n\n\n*Due Date:* + Feb. 
2, 2026\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + / [NPM Audit Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` 
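Review bot: The re-recorded response body in this hunk commits a real account's `emailAddress`, `accountId`, display name and the avatar URLs tied to that account into the fixture, under `creator` and `reporter`. The same fields recur in the `GET .../rest/api/2/issue/23616` hunk that follows, and the `X-Aaccountid` response header repeats the account id in the header hunks around it. The old side held a different account's values in the same places, which suggests the tests do not depend on them. If these cassettes are recorded with vcrpy, a `before_record_response` hook that rewrites those fields to fixed placeholders such as `"emailAddress":"user@example.invalid"` would keep personal identifiers out of the repository and shrink future re-record diffs. The recorded interaction continues outside this hunk.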
@@ -7636,12 +7948,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Jira - Api Test 2","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21269/comment","maxResults":0,"total":0,"startAt":0}}}' + Api Test 2","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 1e437d4a-13ba-4797-8c2c-01cc924355be + - 6ccf0ef9-fd9b-4432-bf8a-2e8f11fba7c9 Atl-Traceid: - - 1e437d4a13ba47978c2c01cc924355be + - 6ccf0ef9fd9b4432bf8a2e8f11fba7c9 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7651,7 +7963,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:42 GMT + - Tue, 04 Nov 2025 18:02:40 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7661,7 +7973,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=419,atl-edge;dur=415,atl-edge-internal;dur=15,atl-edge-upstream;dur=401,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="8S9VyLGINImlpiJ4j3ubGhUv1o-g2BZTO1ciTKeoKIhk-spvxidtsg==",cdn-downstream-fbl;dur=422 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=266,atl-edge;dur=242,atl-edge-internal;dur=18,atl-edge-upstream;dur=224,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="e02RKJIW0cRX3HMIMmt_45NvZh27FVNFbnXcy8k50hy-CEBTgRcZcA==",cdn-downstream-fbl;dur=269 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7671,15 +7983,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 55d9a4fa548a24d777eff07223b71680.cloudfront.net (CloudFront) + - 1.1 88bce767af5e31f726ade38ea5253bd4.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 8S9VyLGINImlpiJ4j3ubGhUv1o-g2BZTO1ciTKeoKIhk-spvxidtsg== + - e02RKJIW0cRX3HMIMmt_45NvZh27FVNFbnXcy8k50hy-CEBTgRcZcA== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN52-P2 X-Arequestid: - - f5a71836d563244e63980c37fb2f6ca9 + - 709529d7d52f54071c194da2384bf701 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7703,23 +8019,23 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21269 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23616 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21269","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21269","key":"NTEST-3090","fields":{"statuscategorychangedate":"2025-07-25T21:04:40.572+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23616","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616","key":"NTEST-3175","fields":{"statuscategorychangedate":"2025-11-04T19:02:39.969+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3090/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3090/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:04:40.315+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i0129b:","updated":"2025-07-25T21:04:40.391+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n*Title*: - [Jira Api Test 2|http://localhost:8080/finding/252]\n\n*Defect Dojo link:* - http://localhost:8080/finding/252 (252)\n\n*Severity:* Medium\n\n\n*Due Date:* - Oct. 
23, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:39.717+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sv:","updated":"2025-11-04T19:02:39.806+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n*Title*: + [Jira Api Test 2|http://localhost:8080/finding/240]\n\n*Defect Dojo link:* + http://localhost:8080/finding/240 (240)\n\n*Severity:* Medium\n\n\n*Due Date:* + Feb. 
2, 2026\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + / [NPM Audit Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` 
@@ -7728,12 +8044,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Jira - Api Test 2","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21269/comment","maxResults":0,"total":0,"startAt":0}}}' + Api Test 2","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - fb8865a9-de6a-4547-a248-930797f23e07 + - 6d8fec0e-0266-4452-b189-fde910fcf29f Atl-Traceid: - - fb8865a9de6a4547a248930797f23e07 + - 6d8fec0e02664452b189fde910fcf29f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7743,7 +8059,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:43 GMT + - Tue, 04 Nov 2025 18:02:40 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7753,7 +8069,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=469,atl-edge;dur=463,atl-edge-internal;dur=14,atl-edge-upstream;dur=449,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="a3rdhYDpzMwSNC6jvjUr4M2CXOtIOOh0QohccCR7cp9FjONsyPwEog==",cdn-downstream-fbl;dur=472 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=296,atl-edge;dur=273,atl-edge-internal;dur=15,atl-edge-upstream;dur=258,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="asmmql3a2Z0pcoxmf8Cmcy0y3dp_rm8faaNSwJktAl0ZSrkNcIt3ew==",cdn-downstream-fbl;dur=300 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7763,15 +8079,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 928b9a46c60991369db0a5ad58525eca.cloudfront.net (CloudFront) + - 1.1 be287e7673276d1e72db92a6f145d6f0.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - a3rdhYDpzMwSNC6jvjUr4M2CXOtIOOh0QohccCR7cp9FjONsyPwEog== + - asmmql3a2Z0pcoxmf8Cmcy0y3dp_rm8faaNSwJktAl0ZSrkNcIt3ew== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P1 X-Arequestid: - - 445f55695c3f1a6427629d1277c30b3e + - 1b1113d26dbfc8e11c2df4be6693a6a0 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7795,17 +8115,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:44.560+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:41.075+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 334df33b-9edc-4b6a-9044-404dc9ff5c7e + - 016d8ff3-a43f-4d81-bf8e-f691137c58f5 Atl-Traceid: - - 334df33b9edc4b6a9044404dc9ff5c7e + - 016d8ff3a43f4d81bf8ef691137c58f5 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7815,7 +8135,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:44 GMT + - Tue, 04 Nov 2025 18:02:41 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7825,7 +8145,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=322,atl-edge;dur=320,atl-edge-internal;dur=13,atl-edge-upstream;dur=307,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="debpY1WfxssrkEHM0QHsfwcH89vPuIJJhE7HDcaNpP0oY3kdbF_Y7w==",cdn-downstream-fbl;dur=326 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=192,atl-edge;dur=170,atl-edge-internal;dur=17,atl-edge-upstream;dur=153,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="lTP-q8vlhlkRdbHTgDAY4oyfp4jlIQNqeJ9ibJAq6z0rCuWXZpTYiQ==",cdn-downstream-fbl;dur=196 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7835,15 +8155,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 4ab519b4cd27a1b8a4b258d7f39bbc7e.cloudfront.net (CloudFront) + - 1.1 56a79b3a2ac1e2942686c2337f96fb72.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - debpY1WfxssrkEHM0QHsfwcH89vPuIJJhE7HDcaNpP0oY3kdbF_Y7w== + - lTP-q8vlhlkRdbHTgDAY4oyfp4jlIQNqeJ9ibJAq6z0rCuWXZpTYiQ== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P3 X-Arequestid: - - 475713f08235ad2ff4d6d2ba6bfc5db0 + - 5d06f50f5ef93cbde9fa1e577883230d + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7867,32 +8191,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:30.923+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:36.581+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:30.922+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:36.580+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -7902,8 +8226,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -7914,12 +8238,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - d7727416-2f0f-4158-9dca-a570b84d955c + - 8a0885a3-64ab-454b-b777-8ae81e3e2249 Atl-Traceid: - - d77274162f0f41589dcaa570b84d955c + - 8a0885a364ab454bb7778ae81e3e2249 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7929,7 +8253,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:45 GMT + - Tue, 04 Nov 2025 18:02:41 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7939,7 +8263,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=421,atl-edge;dur=419,atl-edge-internal;dur=16,atl-edge-upstream;dur=403,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="P2fw0vAE_ByCJA06lVzvMWZ2e7Zm3SfuVLW0fRrF_YRmCeQtdXebgA==",cdn-downstream-fbl;dur=425 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=264,atl-edge;dur=240,atl-edge-internal;dur=17,atl-edge-upstream;dur=224,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="Tz9Kl-gyfx0SS0anc4lJCHIJ93_ulSiq_VI82qKtKWxmLRU8m3F81A==",cdn-downstream-fbl;dur=270 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7949,15 +8273,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 35202ecfee8e63e178de36be1b541f0e.cloudfront.net (CloudFront) + - 1.1 d4fb3448d1a8d3229dcf0a89f4bbe7e8.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - P2fw0vAE_ByCJA06lVzvMWZ2e7Zm3SfuVLW0fRrF_YRmCeQtdXebgA== + - Tz9Kl-gyfx0SS0anc4lJCHIJ93_ulSiq_VI82qKtKWxmLRU8m3F81A== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P2 X-Arequestid: - - 6087ab535e090eb6b59f4cfe7e9473e6 + - 644349756098d57ed8a5f63c0c3e9cb0 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -7981,7 +8309,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -7995,9 +8323,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 3da42546-ba13-4dda-866c-d20a84e16d01 + - cb94304c-b90d-475a-9408-02305effd22b Atl-Traceid: - - 3da42546ba134dda866cd20a84e16d01 + - cb94304cb90d475a940802305effd22b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -8007,7 +8335,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:47 GMT + - Tue, 04 Nov 2025 18:02:41 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -8017,7 +8345,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=488,atl-edge;dur=486,atl-edge-internal;dur=18,atl-edge-upstream;dur=467,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="g3VtxXsBVYKSCmncnfkuvom0dsXco6WhYb5fb3ofDgmaFMQmM4U-0w==",cdn-downstream-fbl;dur=491 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=346,atl-edge;dur=323,atl-edge-internal;dur=23,atl-edge-upstream;dur=299,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="UnzuSKU2SzUmQRueawdpvO8eJVqoi7YWFHW1iQD1TkfFj4rl0M_GUQ==",cdn-downstream-fbl;dur=350 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -8027,18 +8355,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 28cc33f6d1fa8bfd0cce12161c7d5e90.cloudfront.net (CloudFront) + - 1.1 2a3bfb7cadc3003297b11ce744cb58fa.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - g3VtxXsBVYKSCmncnfkuvom0dsXco6WhYb5fb3ofDgmaFMQmM4U-0w== + - UnzuSKU2SzUmQRueawdpvO8eJVqoi7YWFHW1iQD1TkfFj4rl0M_GUQ== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P1 X-Arequestid: - - 65aafeda3bb6c77593484ef88e4ef9ad + - 7d2d0cd26a0660da11dba68d43e4bc1c + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -8052,22 +8384,22 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Jira - Api Test 2|http://localhost:8080/finding/252]|Active, Verified|\n\nFindings + Api Test 2|http://localhost:8080/finding/240]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 
0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -8076,9 +8408,9 @@ interactions: Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 2|http://localhost:8080/finding/252]\n*Defect - Dojo link:* http://localhost:8080/finding/252 (252)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 2|http://localhost:8080/finding/240]\n*Defect + Dojo link:* http://localhost:8080/finding/240 (240)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -8088,8 +8420,8 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n *CWE:* + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -8109,21 +8441,21 @@ interactions: Connection: - keep-alive Content-Length: - - '4766' + - '4764' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - 79c255db-c503-4e0e-9b50-98a72ea9f541 + - ce61edb7-6706-4805-9ac1-1c30234c320a Atl-Traceid: - - 79c255dbc5034e0e9b5098a72ea9f541 + - ce61edb7670648059ac11c30234c320a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -8131,7 +8463,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:49 GMT + - Tue, 04 Nov 2025 18:02:42 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -8141,7 +8473,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=733,atl-edge;dur=731,atl-edge-internal;dur=15,atl-edge-upstream;dur=715,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="hjfjevc-vaM4TywsXCu7UyrLHHu2t_9ShByAN4AX0QNqjlsvWJKHDw==",cdn-downstream-fbl;dur=736 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=562,atl-edge;dur=538,atl-edge-internal;dur=17,atl-edge-upstream;dur=520,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="cxl1rRHLiXOEFKy_eyIofdI3UZVoTxL4SWjH6xhTVVV7Kkzxk-aEow==",cdn-downstream-fbl;dur=568 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -8149,15 +8481,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 14d2e33ccccdcd865bebd3f59cd47112.cloudfront.net (CloudFront) + - 1.1 a827400055d7bbab6e387896737d4e50.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - hjfjevc-vaM4TywsXCu7UyrLHHu2t_9ShByAN4AX0QNqjlsvWJKHDw== + - cxl1rRHLiXOEFKy_eyIofdI3UZVoTxL4SWjH6xhTVVV7Kkzxk-aEow== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN52-P1 X-Arequestid: - - 8fa01f3c9597147842ac2981d47587b1 + - f7ad31b3894d785b676afb78dc128180 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -8181,34 +8517,34 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:30.923+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:36.581+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:48.633+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:42.347+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Jira - Api Test 2|http://localhost:8080/finding/252]|Active, Verified|\n\nFindings + Api Test 2|http://localhost:8080/finding/240]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
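Review bot: The re-recorded response body in this hunk stores the recording account's real `emailAddress`, `accountId`, `displayName` and gravatar hash under `creator` and `reporter`, and the new `issue/23616` interaction added in the `@@ -8380,7 +8724,103 @@` hunk stores them again; the `X-Aaccountid` response header repeats the account id in the neighbouring hunks. Because the cassette is a committed fixture, these values should be scrubbed at record time rather than edited by hand, for example with a response hook (vcrpy's `before_record_response`, if that is the recorder in use) that rewrites those JSON fields and drops `X-Aaccountid`. Constructed placeholders such as `"emailAddress":"jira-test@example.invalid"` and `"accountId":"REDACTED"` would keep the fixture shape intact. No `Authorization` header is visible in the recorded requests, which suggests request-side filtering is already configured and only the response side is missing.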
@@ -8217,9 +8553,9 @@ interactions: 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 2|http://localhost:8080/finding/252]\n*Defect - Dojo link:* http://localhost:8080/finding/252 (252)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 2|http://localhost:8080/finding/240]\n*Defect + Dojo link:* http://localhost:8080/finding/240 (240)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -8229,8 +8565,8 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -8241,12 +8577,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 41f75419-75ea-4e95-9274-d6054ccfcee2 + - fadaa2e1-100d-4bbc-bdf3-5bf631e08237 Atl-Traceid: - - 41f7541975ea4e959274d6054ccfcee2 + - fadaa2e1100d4bbcbdf35bf631e08237 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -8256,7 +8592,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:50 GMT + - Tue, 04 Nov 2025 18:02:42 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -8266,7 +8602,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=393,atl-edge;dur=391,atl-edge-internal;dur=14,atl-edge-upstream;dur=377,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="o6eZVwPv2scLYyoRlTM6K9mZLCyQPV96x58jXdUjdbeIPV3JqDmUCA==",cdn-downstream-fbl;dur=396 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=301,atl-edge;dur=279,atl-edge-internal;dur=20,atl-edge-upstream;dur=253,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="RUbk1CdNKX7HoVgONK_ddfuDd6jvvT9KnT7lZdVli7qKkzR8gqxZCg==",cdn-downstream-fbl;dur=306 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -8276,15 +8612,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3468af8a053b0ff241626aed87444af8.cloudfront.net (CloudFront) + - 1.1 acb55e8d2b8ad7df45561a8bccaaa688.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - o6eZVwPv2scLYyoRlTM6K9mZLCyQPV96x58jXdUjdbeIPV3JqDmUCA== + - RUbk1CdNKX7HoVgONK_ddfuDd6jvvT9KnT7lZdVli7qKkzR8gqxZCg== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P3 X-Arequestid: - - 6e0ecef9f44c0d517568cd6ac2158cf7 + - af1bc4a4037d335a6067d2270f53a0af + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -8308,17 +8648,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:51.489+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:43.167+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - e2085fbb-1341-4f29-bf85-c446fb3fcd02 + - 15ee5d90-3231-41f0-b2c3-892b9bb8b695 Atl-Traceid: - - e2085fbb13414f29bf85c446fb3fcd02 + - 15ee5d90323141f0b2c3892b9bb8b695 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -8328,7 +8668,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:51 GMT + - Tue, 04 Nov 2025 18:02:43 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -8338,7 +8678,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=325,atl-edge;dur=322,atl-edge-internal;dur=14,atl-edge-upstream;dur=309,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="gIr-iFP9i0541dGmMb_zIdQDC-Uw48LIoTvzsxURrG-4K3LgxT430Q==",cdn-downstream-fbl;dur=329 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=195,atl-edge;dur=171,atl-edge-internal;dur=17,atl-edge-upstream;dur=154,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="nExqnuGvnhpuFvjIy1W6iJ9uj_BtDk-SYXS4-1rwhyo3o8yRTibDDw==",cdn-downstream-fbl;dur=198 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -8348,15 +8688,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 505047c0efc37a1900f1288c6f749f90.cloudfront.net (CloudFront) + - 1.1 6d3c3e0af3263a7b3c6878f2fa9bbff6.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - gIr-iFP9i0541dGmMb_zIdQDC-Uw48LIoTvzsxURrG-4K3LgxT430Q== + - nExqnuGvnhpuFvjIy1W6iJ9uj_BtDk-SYXS4-1rwhyo3o8yRTibDDw== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P1 X-Arequestid: - - b2186f1b9bb669695fe7afc1b3c96f73 + - 7f1d87d441b373a938bc920152a2ec43 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -8380,7 +8724,103 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23616 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23616","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616","key":"NTEST-3175","fields":{"statuscategorychangedate":"2025-11-04T19:02:39.969+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:39.717+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sv:","updated":"2025-11-04T19:02:39.806+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n*Title*: + [Jira Api Test 2|http://localhost:8080/finding/240]\n\n*Defect Dojo link:* + http://localhost:8080/finding/240 (240)\n\n*Severity:* Medium\n\n\n*Due Date:* + Feb. 
2, 2026\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Jira + Api Test 2","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616/comment","maxResults":0,"total":0,"startAt":0}}}' + headers: + Atl-Request-Id: + - 4805d705-c762-4bef-9534-74f236add184 + Atl-Traceid: + - 4805d705c7624bef953474f236add184 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - 
Tue, 04 Nov 2025 18:02:43 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=289,atl-edge;dur=265,atl-edge-internal;dur=18,atl-edge-upstream;dur=247,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="Zi4DV03f3prUN_qAqPJO9_YD7e3Fvw04xjDtLQBDnybyYknn8nf3aA==",cdn-downstream-fbl;dur=292 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 81677ea21ca4917e071a8c310dd9130c.cloudfront.net (CloudFront) + X-Aaccountid: + - 5d3878b170e3c90c952f91f6 + X-Amz-Cf-Id: + - Zi4DV03f3prUN_qAqPJO9_YD7e3Fvw04xjDtLQBDnybyYknn8nf3aA== + X-Amz-Cf-Pop: + - DEN53-P3 + X-Arequestid: + - 1a2e9b1564b19619e2747681e843e1a1 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -8394,9 +8834,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - c7f7eef2-a4a8-4401-9b32-a3fb7852c212 + - c9481dbb-3484-4690-bf94-d3f810005d81 Atl-Traceid: - - c7f7eef2a4a844019b32a3fb7852c212 + - c9481dbb34844690bf94d3f810005d81 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -8406,7 +8846,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:53 GMT + - Tue, 04 Nov 2025 18:02:43 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -8416,7 +8856,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=498,atl-edge;dur=491,atl-edge-internal;dur=15,atl-edge-upstream;dur=476,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="c3jrIl76pD3jkJ10SQGq4HzUs6BJg8nRLkJBjdFKSpvAQR-aEh-DOg==",cdn-downstream-fbl;dur=501 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=327,atl-edge;dur=305,atl-edge-internal;dur=20,atl-edge-upstream;dur=285,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="DDNJSELk2umNkLUpRl83Ri-Wqk7IZ_UfCdDwOHouvM4q9vJl-nhcFQ==",cdn-downstream-fbl;dur=331 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -8426,18 +8866,367 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront) + - 1.1 a42ce842e0f60814700ead82353e9f08.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - c3jrIl76pD3jkJ10SQGq4HzUs6BJg8nRLkJBjdFKSpvAQR-aEh-DOg== + - DDNJSELk2umNkLUpRl83Ri-Wqk7IZ_UfCdDwOHouvM4q9vJl-nhcFQ== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P2 X-Arequestid: - - 1b38381ffa2da6a261d14fa8a5862dcd + - 17931357cbd8d5561f50d4a6c5d51d92 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Jira Api Test 2", "description": "\n\n\n\n\n\n\n*Title*: [Jira Api + Test 2|http://localhost:8080/finding/240]\n\n*Defect Dojo link:* http://localhost:8080/finding/240 + (240)\n\n*Severity:* Medium\n\n\n*Due Date:* Feb. 
2, 2026\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* + [(admin) ()|mailto:]\n"}, "update": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '1426' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.5 + method: PUT + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23616 + response: + body: + string: '' + headers: + Atl-Request-Id: + - 42bbf820-b6e4-44be-82b7-c8fc9f825dc6 + Atl-Traceid: + - 42bbf820b6e444be82b7c8fc9f825dc6 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Tue, 04 Nov 2025 18:02:44 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": 
"https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=446,atl-edge;dur=354,atl-edge-internal;dur=20,atl-edge-upstream;dur=331,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="1zwYeyeyM5h3EcErX6VDA1L8AtPCV6shNb2x90yUvQ3qj5NIVdvUEg==",cdn-downstream-fbl;dur=449 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + Via: + - 1.1 979fd411be7856884369a8fd4e9bff60.cloudfront.net (CloudFront) + X-Aaccountid: + - 5d3878b170e3c90c952f91f6 + X-Amz-Cf-Id: + - 1zwYeyeyM5h3EcErX6VDA1L8AtPCV6shNb2x90yUvQ3qj5NIVdvUEg== + X-Amz-Cf-Pop: + - DEN53-P1 + X-Arequestid: + - 250615aeabcfbe557737065a62c1a215 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.5 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23616 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23616","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616","key":"NTEST-3175","fields":{"statuscategorychangedate":"2025-11-04T19:02:39.969+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%
2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:39.717+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sv:","updated":"2025-11-04T19:02:39.806+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n*Title*: + [Jira Api Test 2|http://localhost:8080/finding/240]\n\n*Defect Dojo link:* + http://localhost:8080/finding/240 (240)\n\n*Severity:* Medium\n\n\n*Due Date:* + Feb. 
2, 2026\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Jira + Api Test 2","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616/comment","maxResults":0,"total":0,"startAt":0}}}' + headers: + Atl-Request-Id: + - ba8d4084-be1d-41a8-b845-11eeaae5fbf8 + Atl-Traceid: + - ba8d4084be1d41a8b84511eeaae5fbf8 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - 
Tue, 04 Nov 2025 18:02:44 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=285,atl-edge;dur=261,atl-edge-internal;dur=20,atl-edge-upstream;dur=241,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="p0w-2Wu461GEaaUAAuGKKMTPDFg3gy68nanm9VTBubulSlIWx76EjA==",cdn-downstream-fbl;dur=289 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 96b078df4a5d96ad3cc52cfe9d984774.cloudfront.net (CloudFront) + X-Aaccountid: + - 5d3878b170e3c90c952f91f6 + X-Amz-Cf-Id: + - p0w-2Wu461GEaaUAAuGKKMTPDFg3gy68nanm9VTBubulSlIWx76EjA== + X-Amz-Cf-Pop: + - DEN52-P1 + X-Arequestid: + - 303423a52da482af79f56c2902e4ae4d + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.5 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: 
'{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:45.170+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 578f99f1-7db0-4a70-900a-d2fe9ab5dc21 + Atl-Traceid: + - 578f99f17db04a70900ad2fe9ab5dc21 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Tue, 04 Nov 2025 18:02:45 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=209,atl-edge;dur=186,atl-edge-internal;dur=19,atl-edge-upstream;dur=167,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="tHbo3eG0ebfklHCicGGPg8lN1TzwCNFvJ8-oxnY5mfHt19cZzJDaog==",cdn-downstream-fbl;dur=214 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 2bdc0b4100727fdf0a312e81266d0496.cloudfront.net (CloudFront) + X-Aaccountid: + - 5d3878b170e3c90c952f91f6 + X-Amz-Cf-Id: + - tHbo3eG0ebfklHCicGGPg8lN1TzwCNFvJ8-oxnY5mfHt19cZzJDaog== + X-Amz-Cf-Pop: + - DEN53-P3 + 
X-Arequestid: + - a29488c93f08409502186ecb3eacf80e + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.5 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: '{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + 
Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest_new.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low_new.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - ff32b5a4-2422-46ac-8447-e342cc6e2062 + Atl-Traceid: + - ff32b5a4242246ac8447e342cc6e2062 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Tue, 04 Nov 2025 18:02:45 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=420,atl-edge;dur=330,atl-edge-internal;dur=16,atl-edge-upstream;dur=315,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="74gmyUqMquXx1vgaHYr1TdpQ-I-b8beTkc_fRt92BNZoTz4GtA5mlw==",cdn-downstream-fbl;dur=424 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 81677ea21ca4917e071a8c310dd9130c.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 5d3878b170e3c90c952f91f6 + X-Amz-Cf-Id: + - 74gmyUqMquXx1vgaHYr1TdpQ-I-b8beTkc_fRt92BNZoTz4GtA5mlw== + X-Amz-Cf-Pop: + - DEN53-P3 + X-Arequestid: + - 1da609fd3ace7576038c6d755d42a2ef + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
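Review bot: The re-recorded response body for `GET /rest/api/2/issue/23616` added in this hunk stores the recording account's `emailAddress`, `displayName`, `accountId` and Gravatar avatar hash verbatim under `creator` and `reporter`, and every added response also carries the account id in `X-Aaccountid`. The request headers show no `Authorization` entry, so credentials appear to be filtered already, but these identity fields are not. Nothing in the assertions visible here suggests replay depends on them, so they could be replaced with placeholders at record time and the cassette regenerated. If the cassette is recorded with vcrpy, a `before_record_response` hook that rewrites those JSON fields and drops `X-Aaccountid` would do it. The hunk at `@@ -8627,43 +9421,43 @@` re-records another issue-detail response that probably carries the same fields, though its body runs past the visible part of the patch.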
@@ -8451,30 +9240,31 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: pg:5.1.0|http://localhost:8080/finding_group/2] in [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. - Summary\n*Severity:* High *Due Date:* Aug. 24, 2025 \n\nFindings matching the - Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/38] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 
4, 2025 \n\nFindings matching the Active, Verified and + Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title + || Status ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/248]|Active, + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]|Active, Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/250]|Active, + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/238]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|pg|0.5.3|[Jira - Api Test 3|http://localhost:8080/finding/253]|Active, Verified|\n\nFindings + Api Test 3|http://localhost:8080/finding/241]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/248]\n*Defect - Dojo link:* http://localhost:8080/finding/248 (248)\n*Severity:* High\n *Due - Date:* Aug. 
24, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]\n*Defect + Dojo link:* http://localhost:8080/finding/236 (236)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when @@ -8504,8 +9294,8 @@ interactions: (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/250]\n*Defect Dojo link:* http://localhost:8080/finding/250 - (250)\n*Severity:* Medium\n *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + 7.1.0 < 7.1.2)|http://localhost:8080/finding/238]\n*Defect Dojo link:* http://localhost:8080/finding/238 + (238)\n*Severity:* Medium\n *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when 
@@ -8531,9 +9321,9 @@ interactions: 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/253]\n*Defect - Dojo link:* http://localhost:8080/finding/253 (253)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/241]\n*Defect + Dojo link:* http://localhost:8080/finding/241 (241)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -8553,21 +9343,21 @@ interactions: Connection: - keep-alive Content-Length: - - '8237' + - '8234' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"21270","key":"NTEST-3091","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21270"}' + string: '{"id":"23617","key":"NTEST-3176","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23617"}' headers: Atl-Request-Id: - - 4deb6aba-750f-411c-b4c8-ab3a57b7f7ab + - f0decc8b-9d30-43ca-8962-15389f495261 Atl-Traceid: - - 4deb6aba750f411cb4c8ab3a57b7f7ab + - f0decc8b9d3043ca896215389f495261 Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -8575,7 +9365,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:54 GMT + - Tue, 04 Nov 2025 18:02:46 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -8585,7 +9375,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=899,atl-edge;dur=897,atl-edge-internal;dur=15,atl-edge-upstream;dur=882,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="inYiqz7IWVRDefMFh9jiWnxh0KKvGDlWknPxOmQ21KoFtifLpXvNrA==",cdn-downstream-fbl;dur=903 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=818,atl-edge;dur=794,atl-edge-internal;dur=16,atl-edge-upstream;dur=777,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="bPrIcS5nR418--vXoG2RPlt8NsKTXTznFVHgCGJ6L5-zUjo7mCxgpw==",cdn-downstream-fbl;dur=823 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -8595,15 +9385,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5e473a5e64c6a2f7bc916721cc188252.cloudfront.net (CloudFront) + - 1.1 bd570b43eaed44365882fda303fb189c.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - inYiqz7IWVRDefMFh9jiWnxh0KKvGDlWknPxOmQ21KoFtifLpXvNrA== + - bPrIcS5nR418--vXoG2RPlt8NsKTXTznFVHgCGJ6L5-zUjo7mCxgpw== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P1 X-Arequestid: - - 0e7268f8ea6f5c09cf9357e84e5ab505 + - 295b36c1b9b4044f25dda9a9ae8b4a0e + X-Beta-Ratelimit-Limit: + - '200' + X-Beta-Ratelimit-Remaining: + - '199' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
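Review bot: The re-recorded response headers in the `@@ -8595,15 +9385,19 @@` hunk commit a real Atlassian account identifier under `X-Aaccountid`, and the same id reappears in the header hunk at `@@ -8768,15 +9562,19 @@` and in the response bodies of the `@@ -8627,43 +9421,43 @@` and `@@ -8800,43 +9598,43 @@` hunks, next to the `emailAddress`, `displayName` and Gravatar hash of whoever ran the recording. None of these values looks necessary for replay, so they are better scrubbed at record time than hand-edited after each re-recording. The recorder setup is not visible in this diff; if this is a vcrpy cassette, as the `interactions:` layout suggests, a `before_record_response` callback that drops `X-Aaccountid` and rewrites the `creator`/`reporter` objects to fixed placeholder values would keep future recordings clean. The request headers are only partly visible here, so it is also worth confirming that `Authorization` is filtered on the request side (vcrpy `filter_headers`).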
@@ -8627,43 +9421,43 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3091 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3176 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21270","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21270","key":"NTEST-3091","fields":{"statuscategorychangedate":"2025-07-25T21:04:54.773+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23617","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23617","key":"NTEST-3176","fields":{"statuscategorychangedate":"2025-11-04T19:02:46.464+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3091/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3091/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:04:54.523+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i0129j:","updated":"2025-07-25T21:04:54.626+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3176/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3176/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:46.206+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013t3:","updated":"2025-11-04T19:02:46.305+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/2] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/38] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/248]|Active, + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]|Active, Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/250]|Active, + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/238]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|pg|0.5.3|[Jira - Api Test 3|http://localhost:8080/finding/253]|Active, Verified|\n\nFindings + Api Test 3|http://localhost:8080/finding/241]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || 
CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/248]\n*Defect - Dojo link:* http://localhost:8080/finding/248 (248)\n*Severity:* High\n *Due - Date:* Aug. 24, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]\n*Defect + Dojo link:* http://localhost:8080/finding/236 (236)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs @@ -8693,9 +9487,9 @@ interactions: - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < - 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/250]\n*Defect - Dojo link:* http://localhost:8080/finding/250 (250)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/238]\n*Defect + Dojo link:* http://localhost:8080/finding/238 (238)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs 
@@ -8721,9 +9515,9 @@ interactions: to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/253]\n*Defect - Dojo link:* http://localhost:8080/finding/253 (253)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/241]\n*Defect + Dojo link:* http://localhost:8080/finding/241 (241)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -8733,12 +9527,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: pg:5.1.0","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21270/comment","maxResults":0,"total":0,"startAt":0}}}' + in: pg:5.1.0","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23617/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - fd2b32a2-9948-41cd-88bf-6cbd1df98189 + - ae16c5fa-4eb5-45c7-9768-a228c2608bc2 Atl-Traceid: - - fd2b32a2994841cd88bf6cbd1df98189 + - ae16c5fa4eb545c79768a228c2608bc2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -8748,7 +9542,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:56 GMT + - Tue, 04 Nov 2025 18:02:47 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -8758,7 +9552,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=408,atl-edge;dur=406,atl-edge-internal;dur=14,atl-edge-upstream;dur=392,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="4XEfX4dJ5YBwAI6f_SnCh62tKrKvq7y21EwpkduMm4pqSHftmVvGiA==",cdn-downstream-fbl;dur=412 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=289,atl-edge;dur=265,atl-edge-internal;dur=35,atl-edge-upstream;dur=226,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="9_rx9QRyZITZN524ptMviKyTCUzgQbP0Qurx0P9_PJG6MqQp5OUIew==",cdn-downstream-fbl;dur=293 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -8768,15 +9562,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0462a83c1b4a9fa5a2554db6feb3a19c.cloudfront.net (CloudFront) + - 1.1 4c98f000f0c28d2e527e3c684f54be1e.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 4XEfX4dJ5YBwAI6f_SnCh62tKrKvq7y21EwpkduMm4pqSHftmVvGiA== + - 9_rx9QRyZITZN524ptMviKyTCUzgQbP0Qurx0P9_PJG6MqQp5OUIew== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P1 X-Arequestid: - - 3a9d3e56327d95940564f0fcc0b23d6b + - 36f82e86b37e2bb4c9eb2e77bb770132 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -8800,43 +9598,43 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21270 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23617 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21270","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21270","key":"NTEST-3091","fields":{"statuscategorychangedate":"2025-07-25T21:04:54.773+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23617","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23617","key":"NTEST-3176","fields":{"statuscategorychangedate":"2025-11-04T19:02:46.464+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3091/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3091/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:04:54.523+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i0129j:","updated":"2025-07-25T21:04:54.626+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3176/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3176/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:46.206+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013t3:","updated":"2025-11-04T19:02:46.305+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/2] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/38] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/248]|Active, + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]|Active, Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/250]|Active, + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/238]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|pg|0.5.3|[Jira - Api Test 3|http://localhost:8080/finding/253]|Active, Verified|\n\nFindings + Api Test 3|http://localhost:8080/finding/241]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || 
CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/248]\n*Defect - Dojo link:* http://localhost:8080/finding/248 (248)\n*Severity:* High\n *Due - Date:* Aug. 24, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]\n*Defect + Dojo link:* http://localhost:8080/finding/236 (236)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs @@ -8866,9 +9664,9 @@ interactions: - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < - 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/250]\n*Defect - Dojo link:* http://localhost:8080/finding/250 (250)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/238]\n*Defect + Dojo link:* http://localhost:8080/finding/238 (238)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs 
@@ -8894,9 +9692,9 @@ interactions: to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/253]\n*Defect - Dojo link:* http://localhost:8080/finding/253 (253)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/241]\n*Defect + Dojo link:* http://localhost:8080/finding/241 (241)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -8906,12 +9704,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: pg:5.1.0","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21270/comment","maxResults":0,"total":0,"startAt":0}}}' + in: pg:5.1.0","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23617/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 1cb429ad-102a-4cbe-bdd8-bd79665f5db7 + - 4ea7d719-18a3-40c3-b698-4abff25d6fb3 Atl-Traceid: - - 1cb429ad102a4cbebdd8bd79665f5db7 + - 4ea7d71918a340c3b6984abff25d6fb3 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -8921,7 +9719,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:57 GMT + - Tue, 04 Nov 2025 18:02:47 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -8931,7 +9729,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=440,atl-edge;dur=439,atl-edge-internal;dur=14,atl-edge-upstream;dur=424,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="mlCHpIoisIq-pHtHMNUGGlGlxjoX5_JVoaW_yC84De6Y7z71xz5uWw==",cdn-downstream-fbl;dur=444 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=275,atl-edge;dur=251,atl-edge-internal;dur=20,atl-edge-upstream;dur=231,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="1OLwfyJy1uXCc91W2rGv1pQEnhKb-7nX5SWZFbgm25TbkrgQfBXTOA==",cdn-downstream-fbl;dur=280 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -8941,15 +9739,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 eeaafdd5e22d1448912c6cf3e1e5bd58.cloudfront.net (CloudFront) + - 1.1 99c24ff7a4f9141fb603a870f066e056.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - mlCHpIoisIq-pHtHMNUGGlGlxjoX5_JVoaW_yC84De6Y7z71xz5uWw== + - 1OLwfyJy1uXCc91W2rGv1pQEnhKb-7nX5SWZFbgm25TbkrgQfBXTOA== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P3 X-Arequestid: - - ee7285228e40f42310c9e8eccc76538d + - dab854a944dc31573ad115bb07e6660f + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: From 789cf11e042623b8e8dab004a03fda0cbef4a567 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 6 Nov 2025 00:25:02 -0700 Subject: [PATCH 17/54] chore(deps): update helm/chart-testing-action action from v2.7.0 to v2.8.0 (.github/workflows/test-helm-chart.yml) (#13629) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/test-helm-chart.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-helm-chart.yml b/.github/workflows/test-helm-chart.yml index c35698e51e9..05590c43782 100644 --- a/.github/workflows/test-helm-chart.yml +++ b/.github/workflows/test-helm-chart.yml @@ -32,7 +32,7 @@ jobs: helm dependency update ./helm/defectdojo - name: Set up chart-testing - uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0 + uses: helm/chart-testing-action@6ec842c01de15ebb84c8627d2744a0c2f2755c9f # v2.8.0 with: yamale_version: 6.0.0 # renovate: datasource=pypi depName=yamale versioning=semver yamllint_version: 1.37.1 # renovate: datasource=pypi depName=yamllint versioning=semver From 10ccf52572be871d3ae562f65d2d13221c591ec1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Nov 2025 00:25:18 -0700 Subject: [PATCH 18/54] chore(deps): bump boto3 from 1.40.65 to 1.40.66 (#13626) Bumps [boto3](https://github.com/boto/boto3) from 1.40.65 to 1.40.66. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.40.65...1.40.66) --- updated-dependencies: - dependency-name: boto3 dependency-version: 1.40.66 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index f185011d5c0..1701be9e30f 100644 
--- a/requirements.txt +++ b/requirements.txt @@ -62,7 +62,7 @@ django-ratelimit==4.1.0 argon2-cffi==25.1.0 blackduck==1.1.3 pycurl==7.45.7 # Required for Celery Broker AWS (SQS) support -boto3==1.40.65 # Required for Celery Broker AWS (SQS) support +boto3==1.40.66 # Required for Celery Broker AWS (SQS) support netaddr==1.3.0 vulners==3.1.1 fontawesomefree==6.6.0 From 03546192dd672d26bec644b4376e467b25c57a32 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 6 Nov 2025 00:25:51 -0700 Subject: [PATCH 19/54] chore(deps): update dependency vite from 7.1.12 to v7.2.1 (docs/package.json) (#13625) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- docs/package-lock.json | 14 ++++++++++---- docs/package.json | 2 +- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/docs/package-lock.json b/docs/package-lock.json index 00e6c52a650..a5f2cd91ccc 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json @@ -20,7 +20,7 @@ }, "devDependencies": { "prettier": "3.6.2", - "vite": "7.1.12" + "vite": "7.2.1" }, "engines": { "node": ">=20.11.0" @@ -83,6 +83,7 @@ "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.28.4.tgz", "integrity": "sha512-2BCOP7TN8M+gVDj7/ht3hsaO/B/n5oDbiAyyvnRlNOs+u1o+JWNYTQrmpuNp1/Wq2gcFrI01JAW+paEKDMx/CA==", "license": "MIT", + "peer": true, "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.3", @@ -2120,6 +2121,7 @@ "resolved": "https://registry.npmjs.org/@popperjs/core/-/core-2.11.8.tgz", "integrity": "sha512-P1st0aksCrn9sGZhp8GMYwBnQsbvAWsZAX44oXNNvLHGqAOcoVxmjZiohstwQ7SqKnbR47akdNi+uleWD8+g6A==", "license": "MIT", + "peer": true, "funding": { "type": "opencollective", "url": "https://opencollective.com/popperjs" @@ -2726,6 +2728,7 @@ } ], "license": "MIT", + "peer": true, "dependencies": { "baseline-browser-mapping": "^2.8.19", "caniuse-lite": "^1.0.30001751", 
@@ -3797,6 +3800,7 @@ } ], "license": "MIT", + "peer": true, "dependencies": { "nanoid": "^3.3.11", "picocolors": "^1.1.1", @@ -4453,6 +4457,7 @@ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz", "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", "license": "MIT", + "peer": true, "engines": { "node": ">=12" }, @@ -4558,9 +4563,9 @@ "license": "MIT" }, "node_modules/vite": { - "version": "7.1.12", - "resolved": "https://registry.npmjs.org/vite/-/vite-7.1.12.tgz", - "integrity": "sha512-ZWyE8YXEXqJrrSLvYgrRP7p62OziLW7xI5HYGWFzOvupfAlrLvURSzv/FyGyy0eidogEM3ujU+kUG1zuHgb6Ug==", + "version": "7.2.1", + "resolved": "https://registry.npmjs.org/vite/-/vite-7.2.1.tgz", + "integrity": "sha512-qTl3VF7BvOupTR85Zc561sPEgxyUSNSvTQ9fit7DEMP7yPgvvIGm5Zfa1dOM+kOwWGNviK9uFM9ra77+OjK7lQ==", "dev": true, "license": "MIT", "dependencies": { @@ -4656,6 +4661,7 @@ "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", "dev": true, "license": "MIT", + "peer": true, "engines": { "node": ">=12" }, diff --git a/docs/package.json b/docs/package.json index e4c4cda9aa6..88953404a36 100644 --- a/docs/package.json +++ b/docs/package.json @@ -27,7 +27,7 @@ }, "devDependencies": { "prettier": "3.6.2", - "vite": "7.1.12" + "vite": "7.2.1" }, "engines": { "node": ">=20.11.0" From bc493c4cf4d53c85d78efd663676611deb28e27e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 6 Nov 2025 00:26:33 -0700 Subject: [PATCH 20/54] chore(deps): update dependency renovatebot/renovate from 41.170.0 to v41.173.0 (.github/workflows/renovate.yaml) (#13622) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 5fe5dc50e66..da720dee8a8 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -21,4 +21,4 @@ jobs: uses: suzuki-shunsuke/github-action-renovate-config-validator@c22827f47f4f4a5364bdba19e1fe36907ef1318e # v1.1.1 with: strict: "true" - validator_version: 41.170.0 # renovate: datasource=github-releases depName=renovatebot/renovate + validator_version: 41.173.0 # renovate: datasource=github-releases depName=renovatebot/renovate From 0024aa2d01333df8189de67ba297b4616530f20d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 6 Nov 2025 00:28:55 -0700 Subject: [PATCH 21/54] fix(deps): update dependency @docsearch/js from 4.2.0 to v4.3.1 (docs/package.json) (#13617) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- docs/package-lock.json | 19 ++++++++++++++----- docs/package.json | 2 +- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/docs/package-lock.json b/docs/package-lock.json index a5f2cd91ccc..dfd4996248f 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json @@ -10,7 +10,7 @@ "license": "MIT", "dependencies": { "@docsearch/css": "4.2.0", - "@docsearch/js": "4.2.0", + "@docsearch/js": "4.3.1", "@tabler/icons": "3.35.0", "@thulite/doks-core": "1.8.3", "@thulite/images": "3.3.3", 
@@ -1488,10 +1488,13 @@ "license": "MIT" }, "node_modules/@docsearch/js": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/@docsearch/js/-/js-4.2.0.tgz", - "integrity": "sha512-KBHVPO29QiGUFJYeAqxW0oXtGf/aghNmRrIRPT4/28JAefqoCkNn/ZM/jeQ7fHjl0KNM6C+KlLVYjwyz6lNZnA==", - "license": "MIT" + "version": "4.3.1", + "resolved": "https://registry.npmjs.org/@docsearch/js/-/js-4.3.1.tgz", + "integrity": "sha512-Xi2OztaQqTnNj0HGTcS/RtoXe4ASOgKRuH8hAKKqISqv13oUxpVBIBUHpvPIU4qgmJRZN2gA2gdjdn+VuvrvRQ==", + "license": "MIT", + "dependencies": { + "htm": "3.1.1" + } }, "node_modules/@esbuild/aix-ppc64": { "version": "0.25.11", @@ -3321,6 +3324,12 @@ "node": ">= 0.4" } }, + "node_modules/htm": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/htm/-/htm-3.1.1.tgz", + "integrity": "sha512-983Vyg8NwUE7JkZ6NmOqpCZ+sh1bKv2iYTlUkzlWmA5JD2acKoxd4KVxbMmxX/85mtfdnDmTFoNKcg5DGAvxNQ==", + "license": "Apache-2.0" + }, "node_modules/inflight": { "version": "1.0.6", "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", diff --git a/docs/package.json b/docs/package.json index 88953404a36..7981a45684f 100644 --- a/docs/package.json +++ b/docs/package.json @@ -17,7 +17,7 @@ }, "dependencies": { "@docsearch/css": "4.2.0", - "@docsearch/js": "4.2.0", + "@docsearch/js": "4.3.1", "@tabler/icons": "3.35.0", "@thulite/doks-core": "1.8.3", "@thulite/images": "3.3.3", From e7fed9bfa12e06a53ecb3f63c1cddd522652cf4d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 6 Nov 2025 09:25:55 -0700 Subject: [PATCH 22/54] fix(deps): update dependency @docsearch/css from 4.2.0 to v4.3.1 (docs/package.json) (#13616) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- docs/package-lock.json | 8 ++++---- docs/package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/package-lock.json b/docs/package-lock.json index dfd4996248f..b497b126d2e 100644 
--- a/docs/package-lock.json +++ b/docs/package-lock.json @@ -9,7 +9,7 @@ "version": "1.8.0", "license": "MIT", "dependencies": { - "@docsearch/css": "4.2.0", + "@docsearch/css": "4.3.1", "@docsearch/js": "4.3.1", "@tabler/icons": "3.35.0", "@thulite/doks-core": "1.8.3", @@ -1482,9 +1482,9 @@ } }, "node_modules/@docsearch/css": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/@docsearch/css/-/css-4.2.0.tgz", - "integrity": "sha512-65KU9Fw5fGsPPPlgIghonMcndyx1bszzrDQYLfierN+Ha29yotMHzVS94bPkZS6On9LS8dE4qmW4P/fGjtCf/g==", + "version": "4.3.1", + "resolved": "https://registry.npmjs.org/@docsearch/css/-/css-4.3.1.tgz", + "integrity": "sha512-Jnct7LKOi/+Oxbmq215YPYASkMdZqtyyDCkma8Cj4sCcbBuybL6fvyBaX7uJoM6kVF7aIpBA38RhHAyN5ByCHg==", "license": "MIT" }, "node_modules/@docsearch/js": { diff --git a/docs/package.json b/docs/package.json index 7981a45684f..5ca2338a4ef 100644 --- a/docs/package.json +++ b/docs/package.json @@ -16,7 +16,7 @@ "preview": "vite preview --outDir public" }, "dependencies": { - "@docsearch/css": "4.2.0", + "@docsearch/css": "4.3.1", "@docsearch/js": "4.3.1", "@tabler/icons": "3.35.0", "@thulite/doks-core": "1.8.3", From d1d9676cc9d2bb5b72d2b67e333030508e875ff2 Mon Sep 17 00:00:00 2001 From: kiblik <5609770+kiblik@users.noreply.github.com> Date: Thu, 6 Nov 2025 18:44:38 +0000 Subject: [PATCH 23/54] feat(renovate): track oldest maintained k8s (#13545) Signed-off-by: kiblik <5609770+kiblik@users.noreply.github.com> --- .github/renovate.json | 9 +++++++++ .github/workflows/k8s-tests.yml | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index 34321b6951f..82294c1eb05 100644 --- a/.github/renovate.json +++ b/.github/renovate.json 
@@ -23,6 +23,15 @@ "commitMessageSuffix": "({{packageFile}})", "labels": ["dependencies"] }], + "customDatasources": { + "endoflife-oldest-maintained": { + "defaultRegistryUrlTemplate": "https://endoflife.date/api/v1/products/{{packageName}}", + "format": "json", + "transformTemplates": [ + "{ \"releases\": [$.result.releases[isMaintained = true]^( Date: Thu, 6 Nov 2025 12:45:56 -0600 Subject: [PATCH 24/54] Adding SOCIAL_AUTH_REDIRECT_IS_HTTPS, to enable use of HTTPS protocol when redirecting after login using social auth. (#13614) * Adding SOCIAL_AUTH_REDIRECT_IS_HTTPS, to enable use of HTTPS protocol when redirecting after login. * Adding description about how to setup SOCIAL_AUTH_REDIRECT_IS_HTTPS when using helm to docs (docs/content/en/customize_dojo/user_management/configure_sso.md). * Adding description about how to setup SOCIAL_AUTH_REDIRECT_IS_HTTPS when using helm to docs (docs/content/en/customize_dojo/user_management/configure_sso.md). * Apply suggestion from @valentijnscholten --------- Co-authored-by: Marcel Horner Co-authored-by: valentijnscholten --- docs/content/en/customize_dojo/user_management/configure_sso.md | 2 +- dojo/settings/settings.dist.py | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/content/en/customize_dojo/user_management/configure_sso.md b/docs/content/en/customize_dojo/user_management/configure_sso.md index b66fa08dbf7..da6c9ca5f33 100644 --- a/docs/content/en/customize_dojo/user_management/configure_sso.md +++ b/docs/content/en/customize_dojo/user_management/configure_sso.md 
@@ -511,7 +511,7 @@ If during the login process you get the following error: *The in the client app settings.* and the `redirect_uri` HTTP GET parameter starts with `http://` instead of `https://` you need to add -`SOCIAL_AUTH_REDIRECT_IS_HTTPS = True` to Docker environment variables, or to your `local_settings.py` file. +`DD_SOCIAL_AUTH_REDIRECT_IS_HTTPS = True` to Docker Compose environment variables, or `SOCIAL_AUTH_REDIRECT_IS_HTTPS` to your `local_settings.py` file. 2. Restart DefectDojo, and 'Login With Okta' should appear on the login screen. diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py index a8ef11f257a..b435f4970b8 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings.dist.py @@ -115,6 +115,7 @@ DD_SOCIAL_AUTH_CREATE_USER=(bool, True), # if True creates user at first login DD_SOCIAL_AUTH_CREATE_USER_MAPPING=(str, "username"), # could also be email or fullname DD_SOCIAL_LOGIN_AUTO_REDIRECT=(bool, False), # auto-redirect if there is only one social login method + DD_SOCIAL_AUTH_REDIRECT_IS_HTTPS=(bool, False), # If true, the redirect after login will use the HTTPS protocol DD_SOCIAL_AUTH_TRAILING_SLASH=(bool, True), DD_SOCIAL_AUTH_OIDC_AUTH_ENABLED=(bool, False), DD_SOCIAL_AUTH_OIDC_OIDC_ENDPOINT=(str, ""), @@ -576,6 +577,7 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param # Showing login form (form is not needed for external auth: OKTA, Google Auth, etc.) SHOW_LOGIN_FORM = env("DD_SOCIAL_AUTH_SHOW_LOGIN_FORM") SOCIAL_LOGIN_AUTO_REDIRECT = env("DD_SOCIAL_LOGIN_AUTO_REDIRECT") +SOCIAL_AUTH_REDIRECT_IS_HTTPS = env("DD_SOCIAL_AUTH_REDIRECT_IS_HTTPS") SOCIAL_AUTH_CREATE_USER = env("DD_SOCIAL_AUTH_CREATE_USER") SOCIAL_AUTH_CREATE_USER_MAPPING = env("DD_SOCIAL_AUTH_CREATE_USER_MAPPING") From 60e2cb3bc7efe03d15ce1baf13d8640b506b13f6 Mon Sep 17 00:00:00 2001 
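Review bot: The inline comment on the new `DD_SOCIAL_AUTH_REDIRECT_IS_HTTPS=(bool, False)` entry in `dojo/settings/settings.dist.py` does not say when the flag is needed or what the default leaves exposed. As far as I know, python-social-auth uses `SOCIAL_AUTH_REDIRECT_IS_HTTPS` to force the scheme of the `redirect_uri` it sends to the identity provider. With `False` behind a TLS-terminating proxy that does not forward the original scheme, the callback is still advertised as `http://` (the situation the docs hunk in this commit describes), so the provider's redirect carrying the authorization code may target a cleartext URL. I would reword the comment to `# force https:// in the social-auth redirect_uri; set True when TLS terminates at a reverse proxy`, and add a one-line comment above `SOCIAL_AUTH_REDIRECT_IS_HTTPS = env(...)` in the second hunk naming Django's `SECURE_PROXY_SSL_HEADER` as the alternative when the proxy sets a forwarded-scheme header. Both hunks sit inside blocks that begin outside the visible lines.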
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 7 Nov 2025 09:42:54 -0700 Subject: [PATCH 25/54] chore(deps): update dependency renovatebot/renovate from 41.173.0 to v42 (.github/workflows/renovate.yaml) (#13638) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml
index da720dee8a8..7a9eccce500 100644
--- a/.github/workflows/renovate.yaml
+++ b/.github/workflows/renovate.yaml
@@ -21,4 +21,4 @@ jobs:
 uses: suzuki-shunsuke/github-action-renovate-config-validator@c22827f47f4f4a5364bdba19e1fe36907ef1318e # v1.1.1
 with:
 strict: "true"
- validator_version: 41.173.0 # renovate: datasource=github-releases depName=renovatebot/renovate
+ validator_version: 42.0.3 # renovate: datasource=github-releases depName=renovatebot/renovate
From b388a01a5476485ea445677883faac8bc6ef27b9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 9 Nov 2025 17:28:34 -0600 Subject: [PATCH 26/54] chore(deps): bump ruff from 0.14.3 to 0.14.4 (#13645) Bumps [ruff](https://github.com/astral-sh/ruff) from 0.14.3 to 0.14.4. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](https://github.com/astral-sh/ruff/compare/0.14.3...0.14.4) --- updated-dependencies: - dependency-name: ruff dependency-version: 0.14.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements-lint.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-lint.txt b/requirements-lint.txt
index fcefb6c9a0f..0f8390862b8 100644
--- a/requirements-lint.txt
+++ b/requirements-lint.txt
@@ -1 +1 @@
-ruff==0.14.3
+ruff==0.14.4
From 9137d798e5c64f9ce4478ec5482f9dbbe03d8114 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 9 Nov 2025 17:29:36 -0600 Subject: [PATCH 27/54] chore(deps): bump boto3 from 1.40.66 to 1.40.68 (#13644) Bumps [boto3](https://github.com/boto/boto3) from 1.40.66 to 1.40.68. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.40.66...1.40.68) --- updated-dependencies: - dependency-name: boto3 dependency-version: 1.40.68 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 1701be9e30f..c610fbfbf6d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -62,7 +62,7 @@ django-ratelimit==4.1.0
 argon2-cffi==25.1.0
 blackduck==1.1.3
 pycurl==7.45.7 # Required for Celery Broker AWS (SQS) support
-boto3==1.40.66 # Required for Celery Broker AWS (SQS) support
+boto3==1.40.68 # Required for Celery Broker AWS (SQS) support
 netaddr==1.3.0
 vulners==3.1.1
 fontawesomefree==6.6.0
From 4104958f9e1f9d65c2f7c7801e93abd117fc4ff4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 9 Nov 2025 17:32:41 -0600 Subject: [PATCH 28/54] chore(deps): update dependency vite from 7.2.1 to v7.2.2 (docs/package.json) (#13641) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- docs/package-lock.json | 8 ++++---- docs/package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/docs/package-lock.json b/docs/package-lock.json
index b497b126d2e..b17efda138c 100644
--- a/docs/package-lock.json
+++ b/docs/package-lock.json
@@ -20,7 +20,7 @@ }, "devDependencies": { "prettier": "3.6.2", - "vite": "7.2.1" + "vite": "7.2.2" }, "engines": { "node": ">=20.11.0" @@ -4572,9 +4572,9 @@ "license": "MIT" }, "node_modules/vite": { - "version": "7.2.1", - "resolved": "https://registry.npmjs.org/vite/-/vite-7.2.1.tgz", - "integrity": "sha512-qTl3VF7BvOupTR85Zc561sPEgxyUSNSvTQ9fit7DEMP7yPgvvIGm5Zfa1dOM+kOwWGNviK9uFM9ra77+OjK7lQ==", + "version": "7.2.2", + "resolved": "https://registry.npmjs.org/vite/-/vite-7.2.2.tgz", + "integrity": "sha512-BxAKBWmIbrDgrokdGZH1IgkIk/5mMHDreLDmCJ0qpyJaAteP8NvMhkwr/ZCQNqNH97bw/dANTE9PDzqwJghfMQ==", "dev": true, "license": "MIT", "dependencies": { diff --git a/docs/package.json b/docs/package.json index 5ca2338a4ef..d7773c44e47 100644 --- a/docs/package.json +++ b/docs/package.json @@ -27,7 +27,7 @@ }, "devDependencies": { "prettier": "3.6.2", - "vite": "7.2.1" + "vite": "7.2.2" }, "engines": { "node": ">=20.11.0" From 37069a5048e5b5606e6b44ae671e05f97913c944 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 9 Nov 2025 17:33:48 -0600 Subject: [PATCH 29/54] chore(deps): bump asteval from 1.0.6 to 1.0.7 (#13646) Bumps [asteval](https://github.com/lmfit/asteval) from 1.0.6 to 1.0.7. - [Release notes](https://github.com/lmfit/asteval/releases) - [Commits](https://github.com/lmfit/asteval/compare/1.0.6...1.0.7) --- updated-dependencies: - dependency-name: asteval dependency-version: 1.0.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index c610fbfbf6d..e02fe0a64cc 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -1,5 +1,5 @@
 # requirements.txt for DefectDojo using Python 3.x
-asteval==1.0.6
+asteval==1.0.7
 bleach==6.3.0
 bleach[css]
 celery==5.5.3
From 717b84678095289c0f03a1889f00858276f4573b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 9 Nov 2025 17:37:28 -0600 Subject: [PATCH 30/54] chore(deps): bump django-dbbackup from 5.0.0 to 5.0.1 (#13643) Bumps [django-dbbackup](https://github.com/Archmonger/django-dbbackup) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/Archmonger/django-dbbackup/releases) - [Changelog](https://github.com/Archmonger/django-dbbackup/blob/master/CHANGELOG.md) - [Commits](https://github.com/Archmonger/django-dbbackup/compare/5.0.0...5.0.1) --- updated-dependencies: - dependency-name: django-dbbackup dependency-version: 5.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index e02fe0a64cc..5aa023d2d78 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -7,7 +7,7 @@ defusedxml==0.7.1
 django_celery_results==2.6.0
 django-auditlog==3.2.1
 django-pghistory==3.8.3
-django-dbbackup==5.0.0
+django-dbbackup==5.0.1
 django-environ==0.12.0
 django-filter==25.1
 django-imagekit==6.0.0
From b1ff5501978f6513de3fe45dad7b145ae9178cf2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 9 Nov 2025 17:38:15 -0600 Subject: [PATCH 31/54] chore(deps): bump django-crispy-forms from 2.4 to 2.5 (#13642) Bumps [django-crispy-forms](https://github.com/django-crispy-forms/django-crispy-forms) from 2.4 to 2.5. - [Release notes](https://github.com/django-crispy-forms/django-crispy-forms/releases) - [Changelog](https://github.com/django-crispy-forms/django-crispy-forms/blob/main/CHANGELOG.md) - [Commits](https://github.com/django-crispy-forms/django-crispy-forms/compare/2.4...2.5) --- updated-dependencies: - dependency-name: django-crispy-forms dependency-version: '2.5' dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 5aa023d2d78..dd924805be1 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,7 +13,7 @@ django-filter==25.1
 django-imagekit==6.0.0
 django-multiselectfield==1.0.1
 django-polymorphic==4.1.0
-django-crispy-forms==2.4
+django-crispy-forms==2.5
 django_extensions==4.1
 django-slack==5.19.0
 django-watson==1.6.3
From 8daba95ab8dc39cc9f05443b5bfa3a6847de0427 Mon Sep 17 00:00:00 2001 From: DefectDojo release bot Date: Mon, 10 Nov 2025 17:23:24 +0000 Subject: [PATCH 32/54] Update versions in application files --- components/package.json | 2 +- dojo/__init__.py | 2 +- helm/defectdojo/Chart.yaml | 14 ++++---------- helm/defectdojo/README.md | 2 +- 4 files changed, 7 insertions(+), 13 deletions(-)
diff --git a/components/package.json b/components/package.json
index 6a45f098683..07c351cf814 100644
--- a/components/package.json
+++ b/components/package.json
@@ -1,6 +1,6 @@ { "name": "defectdojo", - "version": "2.52.1", + "version": "2.53.0-dev", "license" : "BSD-3-Clause", "private": true, "dependencies": { diff --git a/dojo/__init__.py b/dojo/__init__.py index f9d9c59c502..75c2142e9d9 100644 --- a/dojo/__init__.py +++ b/dojo/__init__.py @@ -4,6 +4,6 @@ # Django starts so that shared_task will use this app. from .celery import app as celery_app # noqa: F401 -__version__ = "2.52.1" +__version__ = "2.53.0-dev" __url__ = "https://github.com/DefectDojo/django-DefectDojo" __docs__ = "https://documentation.defectdojo.com" diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index 92715d49ce3..3e3ef73d073 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "2.52.1" +appVersion: "2.53.0-dev" description: A Helm chart for Kubernetes to install DefectDojo name: defectdojo -version: 1.8.1 +version: 1.8.2-dev icon: https://defectdojo.com/hubfs/DefectDojo_favicon.png maintainers: - name: madchap @@ -33,11 +33,5 @@ dependencies: # - kind: security # description: Critical bug annotations: - artifacthub.io/prerelease: "false" - artifacthub.io/changes: | - - kind: fixed - description: Broken rendering of media PVC - - kind: fixed - description: Typo in description of digests - - kind: changed - description: Bump DefectDojo to 2.52.1 + artifacthub.io/prerelease: "true" + artifacthub.io/changes: "" diff --git a/helm/defectdojo/README.md b/helm/defectdojo/README.md index 861a4456c90..aa468e6bc61 100644 --- a/helm/defectdojo/README.md +++ b/helm/defectdojo/README.md 
@@ -495,7 +495,7 @@ kubectl delete pvc data-defectdojo-redis-0 data-defectdojo-postgresql-0 # General information about chart values -![Version: 1.8.1](https://img.shields.io/badge/Version-1.8.1-informational?style=flat-square) ![AppVersion: 2.52.1](https://img.shields.io/badge/AppVersion-2.52.1-informational?style=flat-square) +![Version: 1.8.2-dev](https://img.shields.io/badge/Version-1.8.2--dev-informational?style=flat-square) ![AppVersion: 2.53.0-dev](https://img.shields.io/badge/AppVersion-2.53.0--dev-informational?style=flat-square) A Helm chart for Kubernetes to install DefectDojo From f6cac49a9e289eb0811be60bba389670ed244697 Mon Sep 17 00:00:00 2001 From: Cody Maffucci <46459665+Maffooch@users.noreply.github.com> Date: Mon, 10 Nov 2025 14:53:22 -0600 Subject: [PATCH 33/54] Restore n0s1 Scanner documentation in supported tools --- .../parsers/file/n0s1.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename docs/content/{en/connecting_your_tools => supported_tools}/parsers/file/n0s1.md (100%) diff --git a/docs/content/en/connecting_your_tools/parsers/file/n0s1.md b/docs/content/supported_tools/parsers/file/n0s1.md similarity index 100% rename from docs/content/en/connecting_your_tools/parsers/file/n0s1.md rename to docs/content/supported_tools/parsers/file/n0s1.md From bcb9488bab6edba732266cb3f59671f79860fb2f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Nov 2025 16:09:18 -0600 Subject: [PATCH 34/54] chore(deps): bump boto3 from 1.40.68 to 1.40.69 (#13661) Bumps [boto3](https://github.com/boto/boto3) from 1.40.68 to 1.40.69. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.40.68...1.40.69) --- updated-dependencies: - dependency-name: boto3 dependency-version: 1.40.69 dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 776b32ce4b8..2aec04e762e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -62,7 +62,7 @@ django-ratelimit==4.1.0 argon2-cffi==25.1.0 blackduck==1.1.3 pycurl==7.45.7 # Required for Celery Broker AWS (SQS) support -boto3==1.40.68 # Required for Celery Broker AWS (SQS) support +boto3==1.40.69 # Required for Celery Broker AWS (SQS) support netaddr==1.3.0 vulners==3.1.1 fontawesomefree==6.6.0 From a78cbebb69628e06852d18148a59bb9eb6d49014 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 10 Nov 2025 16:12:55 -0600 Subject: [PATCH 35/54] chore(deps): update softprops/action-gh-release action from v2.4.1 to v2.4.2 (.github/workflows/release-x-manual-helm-chart.yml) (#13654) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/release-x-manual-helm-chart.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-x-manual-helm-chart.yml b/.github/workflows/release-x-manual-helm-chart.yml index a1105697c7d..9dd8d65d192 100644 --- a/.github/workflows/release-x-manual-helm-chart.yml +++ b/.github/workflows/release-x-manual-helm-chart.yml @@ -77,7 +77,7 @@ jobs: echo "chart_version=$(ls build | cut -d '-' -f 2,3 | sed 's|\.tgz||')" >> $GITHUB_ENV - name: Create release ${{ inputs.release_number }} - uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1 + uses: softprops/action-gh-release@5be0e66d93ac7ed76da52eca8bb058f665c3a5fe # v2.4.2 with: name: '${{ inputs.release_number }} 🌈' tag_name: ${{ inputs.release_number }} From 0f3040d1b3b3a1ff8eec084636fe33e7861a8928 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 10 Nov 2025 16:13:36 -0600 Subject: [PATCH 36/54] Update dependency renovatebot/renovate from 42.0.3 to v42.5.0 (.github/workflows/renovate.yaml) (#13651) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 7a9eccce500..135113027c0 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -21,4 +21,4 @@ jobs: uses: suzuki-shunsuke/github-action-renovate-config-validator@c22827f47f4f4a5364bdba19e1fe36907ef1318e # v1.1.1 with: strict: "true" - validator_version: 42.0.3 # renovate: datasource=github-releases depName=renovatebot/renovate + validator_version: 42.5.0 # renovate: datasource=github-releases depName=renovatebot/renovate From d56960d6db069a04e638a692add3b6c4be0a06e3 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 10 Nov 2025 16:46:31 -0600 Subject: [PATCH 37/54] fix(deps): update dependency @docsearch/css from 4.3.1 to v4.3.2 (docs/package.json) (#13673) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- docs/package-lock.json | 8 ++++---- docs/package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/package-lock.json b/docs/package-lock.json index b17efda138c..11dea690920 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json @@ -9,7 +9,7 @@ "version": "1.8.0", "license": "MIT", "dependencies": { - "@docsearch/css": "4.3.1", + "@docsearch/css": "4.3.2", "@docsearch/js": "4.3.1", "@tabler/icons": "3.35.0", "@thulite/doks-core": "1.8.3", 
@@ -1482,9 +1482,9 @@ } }, "node_modules/@docsearch/css": { - "version": "4.3.1", - "resolved": "https://registry.npmjs.org/@docsearch/css/-/css-4.3.1.tgz", - "integrity": "sha512-Jnct7LKOi/+Oxbmq215YPYASkMdZqtyyDCkma8Cj4sCcbBuybL6fvyBaX7uJoM6kVF7aIpBA38RhHAyN5ByCHg==", + "version": "4.3.2", + "resolved": "https://registry.npmjs.org/@docsearch/css/-/css-4.3.2.tgz", + "integrity": "sha512-K3Yhay9MgkBjJJ0WEL5MxnACModX9xuNt3UlQQkDEDZJZ0+aeWKtOkxHNndMRkMBnHdYvQjxkm6mdlneOtU1IQ==", "license": "MIT" }, "node_modules/@docsearch/js": { diff --git a/docs/package.json b/docs/package.json index d7773c44e47..50d7ca911c9 100644 --- a/docs/package.json +++ b/docs/package.json @@ -16,7 +16,7 @@ "preview": "vite preview --outDir public" }, "dependencies": { - "@docsearch/css": "4.3.1", + "@docsearch/css": "4.3.2", "@docsearch/js": "4.3.1", "@tabler/icons": "3.35.0", "@thulite/doks-core": "1.8.3", From f44d5a47169bee3166a91a16a8404c3cc67b14ed Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 12 Nov 2025 08:13:51 -0600 Subject: [PATCH 38/54] Update dependency node from 24.11.0 to v24.11.1 (.github/workflows/validate_docs_build.yml) (#13686) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/gh-pages.yml | 2 +- .github/workflows/validate_docs_build.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml index 217f0317688..91a1039f649 100644 --- a/.github/workflows/gh-pages.yml +++ b/.github/workflows/gh-pages.yml 
@@ -21,7 +21,7 @@ jobs: - name: Setup Node uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: - node-version: '24.11.0' # TODO: Renovate helper might not be needed here - needs to be fully tested + node-version: '24.11.1' # TODO: Renovate helper might not be needed here - needs to be fully tested - name: Cache dependencies uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 diff --git a/.github/workflows/validate_docs_build.yml b/.github/workflows/validate_docs_build.yml index 01e2371bec3..c285c0599bc 100644 --- a/.github/workflows/validate_docs_build.yml +++ b/.github/workflows/validate_docs_build.yml @@ -18,7 +18,7 @@ jobs: - name: Setup Node uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: - node-version: '24.11.0' # TODO: Renovate helper might not be needed here - needs to be fully tested + node-version: '24.11.1' # TODO: Renovate helper might not be needed here - needs to be fully tested - name: Cache dependencies uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 From fc6aba9b9e95d689bc3bcce403dc63a2c5f0ecc9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 12 Nov 2025 18:12:12 -0700 Subject: [PATCH 39/54] Update dependency kubernetes/kubernetes from v1.34.1 to v1.34.2 (.github/workflows/k8s-tests.yml) (#13693) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/k8s-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/k8s-tests.yml b/.github/workflows/k8s-tests.yml index bc5fd22d343..c313e42b3fe 100644 --- a/.github/workflows/k8s-tests.yml +++ b/.github/workflows/k8s-tests.yml 
@@ -16,7 +16,7 @@ jobs: # databases, broker and k8s are independent, so we don't need to test each combination # lastest k8s version (https://kubernetes.io/releases/) and the oldest officially supported version # are tested (https://kubernetes.io/releases/) - - k8s: 'v1.34.1' # renovate: datasource=github-releases depName=kubernetes/kubernetes versioning=loose + - k8s: 'v1.34.2' # renovate: datasource=github-releases depName=kubernetes/kubernetes versioning=loose os: debian - k8s: 'v1.31.13' # renovate: datasource=custom.endoflife-oldest-maintained depName=kubernetes os: debian From 0e46041ebb6a5441aff6446626591e16abdff82f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Nov 2025 18:12:32 -0700 Subject: [PATCH 40/54] chore(deps): bump boto3 from 1.40.69 to 1.40.71 (#13692) Bumps [boto3](https://github.com/boto/boto3) from 1.40.69 to 1.40.71. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.40.69...1.40.71) --- updated-dependencies: - dependency-name: boto3 dependency-version: 1.40.71 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 2aec04e762e..da9fe0f1e37 100644 --- a/requirements.txt +++ b/requirements.txt @@ -62,7 +62,7 @@ django-ratelimit==4.1.0 argon2-cffi==25.1.0 blackduck==1.1.3 pycurl==7.45.7 # Required for Celery Broker AWS (SQS) support -boto3==1.40.69 # Required for Celery Broker AWS (SQS) support +boto3==1.40.71 # Required for Celery Broker AWS (SQS) support netaddr==1.3.0 vulners==3.1.1 fontawesomefree==6.6.0 From b345e644ca31ac7433b35aaffe19a8bd1fca7242 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Nov 2025 18:12:49 -0700 Subject: [PATCH 41/54] chore(deps): bump vulners from 3.1.1 to 3.1.2 (#13691) Bumps vulners from 3.1.1 to 3.1.2. --- updated-dependencies: - dependency-name: vulners dependency-version: 3.1.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index da9fe0f1e37..1f2be70af97 100644 --- a/requirements.txt +++ b/requirements.txt @@ -64,7 +64,7 @@ blackduck==1.1.3 pycurl==7.45.7 # Required for Celery Broker AWS (SQS) support boto3==1.40.71 # Required for Celery Broker AWS (SQS) support netaddr==1.3.0 -vulners==3.1.1 +vulners==3.1.2 fontawesomefree==6.6.0 PyYAML==6.0.3 pyopenssl==25.3.0 From 2a8eaede0bf730f17969510c47f08415951e5833 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 12 Nov 2025 18:16:19 -0700 Subject: [PATCH 42/54] fix(deps): update dependency @docsearch/js from 4.3.1 to v4.3.2 (docs/package.json) (#13674) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Paul Osinski <42211303+paulOsinski@users.noreply.github.com> --- docs/package-lock.json | 8 ++++---- docs/package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/package-lock.json b/docs/package-lock.json index 11dea690920..4d260357f6f 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json @@ -10,7 +10,7 @@ "license": "MIT", "dependencies": { "@docsearch/css": "4.3.2", - "@docsearch/js": "4.3.1", + "@docsearch/js": "4.3.2", "@tabler/icons": "3.35.0", "@thulite/doks-core": "1.8.3", "@thulite/images": "3.3.3", 
@@ -1488,9 +1488,9 @@ "license": "MIT" }, "node_modules/@docsearch/js": { - "version": "4.3.1", - "resolved": "https://registry.npmjs.org/@docsearch/js/-/js-4.3.1.tgz", - "integrity": "sha512-Xi2OztaQqTnNj0HGTcS/RtoXe4ASOgKRuH8hAKKqISqv13oUxpVBIBUHpvPIU4qgmJRZN2gA2gdjdn+VuvrvRQ==", + "version": "4.3.2", + "resolved": "https://registry.npmjs.org/@docsearch/js/-/js-4.3.2.tgz", + "integrity": "sha512-xdfpPXMgKRY9EW7U1vtY7gLKbLZFa9ed+t0Dacquq8zXBqAlH9HlUf0h4Mhxm0xatsVeMaIR2wr/u6g0GsZyQw==", "license": "MIT", "dependencies": { "htm": "3.1.1" diff --git a/docs/package.json b/docs/package.json index 50d7ca911c9..1b99722c010 100644 --- a/docs/package.json +++ b/docs/package.json @@ -17,7 +17,7 @@ }, "dependencies": { "@docsearch/css": "4.3.2", - "@docsearch/js": "4.3.1", + "@docsearch/js": "4.3.2", "@tabler/icons": "3.35.0", "@thulite/doks-core": "1.8.3", "@thulite/images": "3.3.3", From 139741dc0e51c302de332db4407948a603b3b59d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 12 Nov 2025 18:17:04 -0700 Subject: [PATCH 43/54] Update dependency gohugoio/hugo from v0.152.1 to v0.152.2 (.github/workflows/validate_docs_build.yml) (#13665) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Paul Osinski <42211303+paulOsinski@users.noreply.github.com> --- .github/workflows/gh-pages.yml | 2 +- .github/workflows/validate_docs_build.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml index 91a1039f649..2a28453c537 100644 --- a/.github/workflows/gh-pages.yml +++ b/.github/workflows/gh-pages.yml 
@@ -15,7 +15,7 @@ jobs: - name: Setup Hugo uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0 with: - hugo-version: '0.152.1' # renovate: datasource=github-releases depName=gohugoio/hugo + hugo-version: '0.152.2' # renovate: datasource=github-releases depName=gohugoio/hugo extended: true - name: Setup Node diff --git a/.github/workflows/validate_docs_build.yml b/.github/workflows/validate_docs_build.yml index c285c0599bc..8580ab8b408 100644 --- a/.github/workflows/validate_docs_build.yml +++ b/.github/workflows/validate_docs_build.yml @@ -12,7 +12,7 @@ jobs: - name: Setup Hugo uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0 with: - hugo-version: '0.152.1' # renovate: datasource=github-releases depName=gohugoio/hugo + hugo-version: '0.152.2' # renovate: datasource=github-releases depName=gohugoio/hugo extended: true - name: Setup Node From bea10028c682b35a7bb4a0e4e8edc5430f35cfc2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Nov 2025 12:36:37 -0600 Subject: [PATCH 44/54] chore(deps): bump boto3 from 1.40.71 to 1.40.72 (#13697) Bumps [boto3](https://github.com/boto/boto3) from 1.40.71 to 1.40.72. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.40.71...1.40.72) --- updated-dependencies: - dependency-name: boto3 dependency-version: 1.40.72 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 1f2be70af97..3dfbf768384 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -62,7 +62,7 @@ django-ratelimit==4.1.0 argon2-cffi==25.1.0 blackduck==1.1.3 pycurl==7.45.7 # Required for Celery Broker AWS (SQS) support -boto3==1.40.71 # Required for Celery Broker AWS (SQS) support +boto3==1.40.72 # Required for Celery Broker AWS (SQS) support netaddr==1.3.0 vulners==3.1.2 fontawesomefree==6.6.0 From 19dc283b9b2fc4a663f3f5d9ffc71402a955be0a Mon Sep 17 00:00:00 2001 From: valentijnscholten Date: Fri, 14 Nov 2025 04:23:49 +0100 Subject: [PATCH 45/54] log a line when custom hash method is used (#13679) Co-authored-by: Valentijn Scholten --- dojo/models.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/dojo/models.py b/dojo/models.py index dd025908626..ec2e48555f1 100644 --- a/dojo/models.py +++ b/dojo/models.py @@ -3494,15 +3494,16 @@ def violates_sla(self): def set_hash_code(self, dedupe_option): from dojo.utils import get_custom_method # noqa: PLC0415 circular import if hash_method := get_custom_method("FINDING_HASH_METHOD"): + deduplicationLogger.debug("Using custom hash method") hash_method(self, dedupe_option) # Finding.save is called once from serializers.py with dedupe_option=False because the finding is not ready yet, for example the endpoints are not built # It is then called a second time with dedupe_option defaulted to true; now we can compute the hash_code and run the deduplication elif dedupe_option: if self.hash_code is not None: - deduplicationLogger.debug("Hash_code already computed for finding") + deduplicationLogger.debug("Hash_code already computed for finding %i", self.id) else: self.hash_code = self.compute_hash_code() - deduplicationLogger.debug("Hash_code computed for finding: %s", self.hash_code) + deduplicationLogger.debug("Hash_code computed for finding %i: %s", self.id, self.hash_code) class FindingAdmin(admin.ModelAdmin): From 68f6639d25cd25796ca840d290f09ebf170b86ce Mon Sep 17 00:00:00 2001 
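Review bot: The two reworded debug calls under `elif dedupe_option:` in `set_hash_code` format `self.id` with `%i`, which cannot render `None`. If this method can run before the finding has a primary key (the caller is not in this hunk, so that is unconfirmed), the logging module reports a formatting error on stderr and drops the record instead of writing the deduplication trace. `%s` is safe for both cases, e.g. `deduplicationLogger.debug("Hash_code computed for finding %s: %s", self.id, self.hash_code)`, and likewise for the "already computed" line. The new `"Using custom hash method"` line carries no finding id, so it cannot be correlated with the other deduplication entries; `deduplicationLogger.debug("Using custom hash method for finding %s", self.id)` would fix that.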
From: valentijnscholten Date: Fri, 14 Nov 2025 18:02:24 +0100 Subject: [PATCH 46/54] Deduplicate findings in batches (#13491) * initial batching code * fix dedupe_inside_engagement * all tests working incl sarif with internal dupes * cleanup * deduplication: add more importer unit tests * deduplication: add more importer unit tests * deduplication: log hash_code_fields_always * view_finding: show unique_id_from_tool with hash_code * view_finding: show unique_id_from_tool with hash_code * uncomment tests * add more assessments * fix duplicate finding links * split per algo, move into new file * align logging * better method name and param order * ruff apps.py * update task/query counts * update comments, parameters names * finetune uidorhash logic * fix tests to import from deduplication.py * ruff unit tests * simplify base queryset building * deduplication logic: add cross scanner unique_id tests * hook old per finding dedupe to batch dedupe code * fix and make uid_or_hash_code matching identical to old dedupe * UNIQUE_ID_OR_HASH_CODE: dont stop after one candidate * UNIQUE_ID_OR_HASH_CODE: dont stop after one candidate in Batch mode * uid_or_hash_code: fix self/older check * notifications test: replace hardcoded ids with references * optimize prefetching * update query counts in test * complete merge * add more logging is_older, dedupe_eng_mismatch * support FINDING_DEDUPE_METHOD * add support for FINDING_DEDUPE_BATCH_METHOD * simplify * update log line * make batch size a setting * add false positive history to new batch post process task * commands: add command to clear celery queue * update dedupe command to use batch mode * default to batch_mode for dedupe command * do not deduplicate duplicates * improve logging * prefetch better in dedupe command * dedupe command: max batch size 1000 * remove leftover method * reimport: support pro hash method * finalize return statement * ruff --------- Co-authored-by: Valentijn Scholten --- dojo/finding/deduplication.py | 
564 ++++++++++++++++++ dojo/finding/helper.py | 59 +- dojo/importers/default_importer.py | 60 +- dojo/importers/default_reimporter.py | 60 +- .../management/commands/clear_celery_queue.py | 115 ++++ dojo/management/commands/dedupe.py | 109 +++- dojo/models.py | 6 + dojo/settings/settings.dist.py | 3 + dojo/utils.py | 348 ----------- unittests/test_duplication_loops.py | 2 +- unittests/test_importers_performance.py | 84 +-- unittests/test_utils_deduplication_reopen.py | 2 +- 12 files changed, 948 insertions(+), 464 deletions(-) create mode 100644 dojo/finding/deduplication.py create mode 100644 dojo/management/commands/clear_celery_queue.py diff --git a/dojo/finding/deduplication.py b/dojo/finding/deduplication.py new file mode 100644 index 00000000000..7f334236dbf --- /dev/null +++ b/dojo/finding/deduplication.py 
@@ -0,0 +1,564 @@ +import logging +from operator import attrgetter + +import hyperlink +from django.conf import settings +from django.db.models import Prefetch +from django.db.models.query_utils import Q + +from dojo.celery import app +from dojo.decorators import dojo_async_task, dojo_model_from_id, dojo_model_to_id +from dojo.models import Finding, System_Settings + +logger = logging.getLogger(__name__) +deduplicationLogger = logging.getLogger("dojo.specific-loggers.deduplication") + + +def get_finding_models_for_deduplication(finding_ids): + """ + Load findings with optimal prefetching for deduplication operations. + This avoids N+1 queries when accessing test, engagement, product, endpoints, and original_finding. + + Args: + finding_ids: A list of Finding IDs + + Returns: + A list of Finding models with related objects prefetched + + """ + if not finding_ids: + return [] + + return list( + Finding.objects.filter(id__in=finding_ids) + .select_related("test", "test__engagement", "test__engagement__product", "test__test_type") + .prefetch_related( + "endpoints", + # Prefetch duplicates of each finding to avoid N+1 when set_duplicate iterates + Prefetch( + "original_finding", + queryset=Finding.objects.only("id", "duplicate_finding_id").order_by("-id"), + ), + ), + ) + + +@dojo_model_to_id +@dojo_async_task +@app.task +@dojo_model_from_id +def do_dedupe_finding_task(new_finding, *args, **kwargs): + return do_dedupe_finding(new_finding, *args, **kwargs) + + +@dojo_async_task +@app.task +def do_dedupe_batch_task(finding_ids, *args, **kwargs): + """ + Async task to deduplicate a batch of findings. The findings are assumed to be in the same test. + Similar to post_process_findings_batch but focused only on deduplication. 
+ """ + # Load findings with proper prefetching + findings = get_finding_models_for_deduplication(finding_ids) + + if not findings: + logger.debug(f"no findings found for batch deduplication with IDs: {finding_ids}") + return + + # Batch dedupe + dedupe_batch_of_findings(findings) + + +def do_dedupe_finding(new_finding, *args, **kwargs): + from dojo.utils import get_custom_method # noqa: PLC0415 -- circular import + if dedupe_method := get_custom_method("FINDING_DEDUPE_METHOD"): + return dedupe_method(new_finding, *args, **kwargs) + + try: + enabled = System_Settings.objects.get(no_cache=True).enable_deduplication + except System_Settings.DoesNotExist: + logger.warning("system settings not found") + enabled = False + + if enabled: + deduplicationLogger.debug("dedupe for: " + str(new_finding.id) + + ":" + str(new_finding.title)) + deduplicationAlgorithm = new_finding.test.deduplication_algorithm + deduplicationLogger.debug("deduplication algorithm: " + deduplicationAlgorithm) + if deduplicationAlgorithm == settings.DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL: + deduplicate_unique_id_from_tool(new_finding) + elif deduplicationAlgorithm == settings.DEDUPE_ALGO_HASH_CODE: + deduplicate_hash_code(new_finding) + elif deduplicationAlgorithm == settings.DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE: + deduplicate_uid_or_hash_code(new_finding) + else: + deduplicationLogger.debug("no configuration per parser found; using legacy algorithm") + deduplicate_legacy(new_finding) + else: + deduplicationLogger.debug("dedupe: skipping dedupe because it's disabled in system settings get()") + return None + + +def deduplicate_legacy(new_finding): + _dedupe_batch_legacy([new_finding]) + + +def deduplicate_unique_id_from_tool(new_finding): + _dedupe_batch_unique_id([new_finding]) + + +def deduplicate_hash_code(new_finding): + _dedupe_batch_hash_code([new_finding]) + + +def deduplicate_uid_or_hash_code(new_finding): + _dedupe_batch_uid_or_hash([new_finding]) + + +def set_duplicate(new_finding, 
existing_finding): + deduplicationLogger.debug(f"new_finding.status(): {new_finding.id} {new_finding.status()}") + deduplicationLogger.debug(f"existing_finding.status(): {existing_finding.id} {existing_finding.status()}") + if existing_finding.duplicate: + deduplicationLogger.debug("existing finding: %s:%s:duplicate=%s;duplicate_finding=%s", existing_finding.id, existing_finding.title, existing_finding.duplicate, existing_finding.duplicate_finding.id if existing_finding.duplicate_finding else "None") + msg = "Existing finding is a duplicate" + raise Exception(msg) + if existing_finding.id == new_finding.id: + msg = "Can not add duplicate to itself" + raise Exception(msg) + if is_duplicate_reopen(new_finding, existing_finding): + msg = "Found a regression. Ignore this so that a new duplicate chain can be made" + raise Exception(msg) + if new_finding.duplicate and finding_mitigated(existing_finding): + msg = "Skip this finding as we do not want to attach a new duplicate to a mitigated finding" + raise Exception(msg) + + deduplicationLogger.debug("Setting new finding " + str(new_finding.id) + " as a duplicate of existing finding " + str(existing_finding.id)) + new_finding.duplicate = True + new_finding.active = False + new_finding.verified = False + new_finding.duplicate_finding = existing_finding + + # Make sure transitive duplication is flattened + # if A -> B and B is made a duplicate of C here, afterwards: + # A -> C and B -> C should be true + # Ordering is ensured by the prefetch in post_process_findings_batch + # (we prefetch "original_finding" ordered by -id), so avoid calling + # order_by here to prevent bypassing the prefetch cache. 
+ for find in new_finding.original_finding.all(): + new_finding.original_finding.remove(find) + set_duplicate(find, existing_finding) + existing_finding.found_by.add(new_finding.test.test_type) + logger.debug("saving new finding: %d", new_finding.id) + super(Finding, new_finding).save() + logger.debug("saving existing finding: %d", existing_finding.id) + super(Finding, existing_finding).save() + + +def is_duplicate_reopen(new_finding, existing_finding) -> bool: + return finding_mitigated(existing_finding) and finding_not_human_set_status(existing_finding) and not finding_mitigated(new_finding) + + +def finding_mitigated(finding: Finding) -> bool: + return finding.active is False and (finding.is_mitigated is True or finding.mitigated is not None) + + +def finding_not_human_set_status(finding: Finding) -> bool: + return finding.out_of_scope is False and finding.false_p is False + + +def set_duplicate_reopen(new_finding, existing_finding): + logger.debug("duplicate reopen existing finding") + existing_finding.mitigated = new_finding.mitigated + existing_finding.is_mitigated = new_finding.is_mitigated + existing_finding.active = new_finding.active + existing_finding.verified = new_finding.verified + existing_finding.notes.create(author=existing_finding.reporter, + entry="This finding has been automatically re-opened as it was found in recent scans.") + existing_finding.save() + + +def is_deduplication_on_engagement_mismatch(new_finding, to_duplicate_finding): + if new_finding.test.engagement != to_duplicate_finding.test.engagement: + deduplication_mismatch = new_finding.test.engagement.deduplication_on_engagement \ + or to_duplicate_finding.test.engagement.deduplication_on_engagement + if deduplication_mismatch: + deduplicationLogger.debug(f"deduplication_mismatch: {deduplication_mismatch} for new_finding {new_finding.id} and to_duplicate_finding {to_duplicate_finding.id} with test.engagement {new_finding.test.engagement.id} and 
{to_duplicate_finding.test.engagement.id}") + return deduplication_mismatch + return False + + +def get_endpoints_as_url(finding): + return [hyperlink.parse(str(e)) for e in finding.endpoints.all()] + + +def are_urls_equal(url1, url2, fields): + deduplicationLogger.debug("Check if url %s and url %s are equal in terms of %s.", url1, url2, fields) + for field in fields: + if (field == "scheme" and url1.scheme != url2.scheme) or (field == "host" and url1.host != url2.host): + return False + if (field == "port" and url1.port != url2.port) or (field == "path" and url1.path != url2.path) or (field == "query" and url1.query != url2.query) or (field == "fragment" and url1.fragment != url2.fragment) or (field == "userinfo" and url1.userinfo != url2.userinfo) or (field == "user" and url1.user != url2.user): + return False + return True + + +def are_endpoints_duplicates(new_finding, to_duplicate_finding): + fields = settings.DEDUPE_ALGO_ENDPOINT_FIELDS + if len(fields) == 0: + deduplicationLogger.debug("deduplication by endpoint fields is disabled") + return True + + list1 = get_endpoints_as_url(new_finding) + list2 = get_endpoints_as_url(to_duplicate_finding) + + deduplicationLogger.debug( + f"Starting deduplication by endpoint fields for finding {new_finding.id} with urls {list1} and finding {to_duplicate_finding.id} with urls {list2}", + ) + if list1 == [] and list2 == []: + return True + + for l1 in list1: + for l2 in list2: + if are_urls_equal(l1, l2, fields): + return True + + deduplicationLogger.debug(f"endpoints are not duplicates: {new_finding.id} and {to_duplicate_finding.id}") + return False + + +def build_dedupe_scope_queryset(test): + scope_on_engagement = test.engagement.deduplication_on_engagement + if scope_on_engagement: + scope_q = Q(test__engagement=test.engagement) + else: + # Product scope limited to current product, but exclude engagements that opted into engagement-scoped dedupe + scope_q = Q(test__engagement__product=test.engagement.product) & ( + 
Q(test__engagement=test.engagement) + | Q(test__engagement__deduplication_on_engagement=False) + ) + + return ( + Finding.objects.filter(scope_q) + .select_related("test", "test__engagement", "test__test_type") + .prefetch_related("endpoints") + ) + + +def find_candidates_for_deduplication_hash(test, findings): + base_queryset = build_dedupe_scope_queryset(test) + hash_codes = {f.hash_code for f in findings if getattr(f, "hash_code", None) is not None} + if not hash_codes: + return {} + existing_qs = ( + base_queryset.filter(hash_code__in=hash_codes) + .exclude(hash_code=None) + .exclude(duplicate=True) + .order_by("id") + ) + existing_by_hash = {} + for ef in existing_qs: + existing_by_hash.setdefault(ef.hash_code, []).append(ef) + deduplicationLogger.debug(f"Found {len(existing_by_hash)} existing findings by hash codes") + return existing_by_hash + + +def find_candidates_for_deduplication_unique_id(test, findings): + base_queryset = build_dedupe_scope_queryset(test) + unique_ids = {f.unique_id_from_tool for f in findings if getattr(f, "unique_id_from_tool", None) is not None} + if not unique_ids: + return {} + existing_qs = base_queryset.filter(unique_id_from_tool__in=unique_ids).exclude(unique_id_from_tool=None).exclude(duplicate=True).order_by("id") + # unique_id_from_tool can only apply to the same test_type because it is parser dependent + existing_qs = existing_qs.filter(test__test_type=test.test_type) + existing_by_uid = {} + for ef in existing_qs: + existing_by_uid.setdefault(ef.unique_id_from_tool, []).append(ef) + deduplicationLogger.debug(f"Found {len(existing_by_uid)} existing findings by unique IDs") + return existing_by_uid + + +def find_candidates_for_deduplication_uid_or_hash(test, findings): + base_queryset = build_dedupe_scope_queryset(test) + hash_codes = {f.hash_code for f in findings if getattr(f, "hash_code", None) is not None} + unique_ids = {f.unique_id_from_tool for f in findings if getattr(f, "unique_id_from_tool", None) is not None} + if 
not hash_codes and not unique_ids: + return {}, {} + + cond = Q() + if hash_codes: + cond |= Q(hash_code__isnull=False, hash_code__in=hash_codes) + if unique_ids: + # unique_id_from_tool can only apply to the same test_type because it is parser dependent + uid_q = Q(unique_id_from_tool__isnull=False, unique_id_from_tool__in=unique_ids) & Q(test__test_type=test.test_type) + cond |= uid_q + + existing_qs = base_queryset.filter(cond).exclude(duplicate=True).order_by("id") + + existing_by_hash = {} + existing_by_uid = {} + for ef in existing_qs: + if ef.hash_code is not None: + existing_by_hash.setdefault(ef.hash_code, []).append(ef) + if ef.unique_id_from_tool is not None: + existing_by_uid.setdefault(ef.unique_id_from_tool, []).append(ef) + deduplicationLogger.debug(f"Found {len(existing_by_uid)} existing findings by unique IDs") + deduplicationLogger.debug(f"Found {len(existing_by_hash)} existing findings by hash codes") + return existing_by_uid, existing_by_hash + + +def find_candidates_for_deduplication_legacy(test, findings): + base_queryset = build_dedupe_scope_queryset(test) + titles = {f.title for f in findings if getattr(f, "title", None)} + cwes = {f.cwe for f in findings if getattr(f, "cwe", 0)} + cwes.discard(0) + if not titles and not cwes: + return {}, {} + + existing_qs = base_queryset.filter(Q(title__in=titles) | Q(cwe__in=cwes)).exclude(duplicate=True).order_by("id") + + by_title = {} + by_cwe = {} + for ef in existing_qs: + if ef.title: + by_title.setdefault(ef.title, []).append(ef) + if getattr(ef, "cwe", 0): + by_cwe.setdefault(ef.cwe, []).append(ef) + deduplicationLogger.debug(f"Found {len(by_title)} existing findings by title") + deduplicationLogger.debug(f"Found {len(by_cwe)} existing findings by CWE") + deduplicationLogger.debug(f"Found {len(existing_qs)} existing findings by title or CWE") + return by_title, by_cwe + + +def _is_candidate_older(new_finding, candidate): + # Ensure the newer finding is marked as duplicate of the older finding + 
is_older = candidate.id < new_finding.id + if not is_older: + deduplicationLogger.debug(f"candidate is newer than or equal to new finding: {new_finding.id} and candidate {candidate.id}") + return is_older + + +def match_hash_candidate(new_finding, candidates_by_hash): + if new_finding.hash_code is None: + return None + possible_matches = candidates_by_hash.get(new_finding.hash_code, []) + deduplicationLogger.debug(f"Finding {new_finding.id}: Found {len(possible_matches)} findings with same hash_code, ids={[(c.id, c.hash_code) for c in possible_matches]}") + + for candidate in possible_matches: + if not _is_candidate_older(new_finding, candidate): + continue + if is_deduplication_on_engagement_mismatch(new_finding, candidate): + deduplicationLogger.debug("deduplication_on_engagement_mismatch, skipping dedupe.") + continue + if are_endpoints_duplicates(new_finding, candidate): + return candidate + return None + + +def match_unique_id_candidate(new_finding, candidates_by_uid): + if new_finding.unique_id_from_tool is None: + return None + + possible_matches = candidates_by_uid.get(new_finding.unique_id_from_tool, []) + deduplicationLogger.debug(f"Finding {new_finding.id}: Found {len(possible_matches)} findings with same unique_id_from_tool, ids={[(c.id, c.unique_id_from_tool) for c in possible_matches]}") + for candidate in possible_matches: + if not _is_candidate_older(new_finding, candidate): + deduplicationLogger.debug("UID: newer candidate, skipping dedupe.") + continue + if is_deduplication_on_engagement_mismatch(new_finding, candidate): + deduplicationLogger.debug("deduplication_on_engagement_mismatch, skipping dedupe.") + continue + return candidate + return None + + +def match_uid_or_hash_candidate(new_finding, candidates_by_uid, candidates_by_hash): + # Combine UID and hash candidates and walk oldest-first + uid_list = candidates_by_uid.get(new_finding.unique_id_from_tool, []) if new_finding.unique_id_from_tool is not None else [] + hash_list = 
candidates_by_hash.get(new_finding.hash_code, []) if new_finding.hash_code is not None else [] + deduplicationLogger.debug("Finding %s: UID_OR_HASH: uid_list ids=%s hash_list ids=%s", new_finding.id, [c.id for c in uid_list], [c.id for c in hash_list]) + combined_by_id = {c.id: c for c in uid_list} + for c in hash_list: + combined_by_id.setdefault(c.id, c) + deduplicationLogger.debug("Finding %s: UID_OR_HASH: combined candidate ids (sorted)=%s", new_finding.id, sorted(combined_by_id.keys())) + for candidate_id in sorted(combined_by_id.keys()): + candidate = combined_by_id[candidate_id] + if not _is_candidate_older(new_finding, candidate): + continue + if is_deduplication_on_engagement_mismatch(new_finding, candidate): + deduplicationLogger.debug("deduplication_on_engagement_mismatch, skipping dedupe.") + return None + if are_endpoints_duplicates(new_finding, candidate): + deduplicationLogger.debug("UID_OR_HASH: endpoints match, returning candidate %s with test_type %s unique_id_from_tool %s hash_code %s", candidate.id, candidate.test.test_type, candidate.unique_id_from_tool, candidate.hash_code) + return candidate + deduplicationLogger.debug("UID_OR_HASH: endpoints mismatch, skipping candidate %s", candidate.id) + return None + + +def match_legacy_candidate(new_finding, candidates_by_title, candidates_by_cwe): + # --------------------------------------------------------- + # 1) Collects all the findings that have the same: + # (title and static_finding and dynamic_finding) + # or (CWE and static_finding and dynamic_finding) + # as the new one + # (this is "cond1") + # --------------------------------------------------------- + candidates = [] + if getattr(new_finding, "title", None): + candidates.extend(candidates_by_title.get(new_finding.title, [])) + if getattr(new_finding, "cwe", 0): + candidates.extend(candidates_by_cwe.get(new_finding.cwe, [])) + + for candidate in candidates: + if not _is_candidate_older(new_finding, candidate): + continue + if 
is_deduplication_on_engagement_mismatch(new_finding, candidate): + deduplicationLogger.debug( + "deduplication_on_engagement_mismatch, skipping dedupe.") + continue + + flag_endpoints = False + flag_line_path = False + + # --------------------------------------------------------- + # 2) If existing and new findings have endpoints: compare them all + # Else look at line+file_path + # (if new finding is not static, do not deduplicate) + # --------------------------------------------------------- + + if candidate.endpoints.count() != 0 and new_finding.endpoints.count() != 0: + list1 = [str(e) for e in new_finding.endpoints.all()] + list2 = [str(e) for e in candidate.endpoints.all()] + if all(x in list1 for x in list2): + deduplicationLogger.debug("%s: existing endpoints are present in new finding", candidate.id) + flag_endpoints = True + elif new_finding.static_finding and new_finding.file_path and len(new_finding.file_path) > 0: + if str(candidate.line) == str(new_finding.line) and candidate.file_path == new_finding.file_path: + deduplicationLogger.debug("%s: file_path and line match", candidate.id) + flag_line_path = True + else: + deduplicationLogger.debug("no endpoints on one of the findings and file_path doesn't match; Deduplication will not occur") + else: + deduplicationLogger.debug("find.static/dynamic: %s/%s", candidate.static_finding, candidate.dynamic_finding) + deduplicationLogger.debug("new_finding.static/dynamic: %s/%s", new_finding.static_finding, new_finding.dynamic_finding) + deduplicationLogger.debug("find.file_path: %s", candidate.file_path) + deduplicationLogger.debug("new_finding.file_path: %s", new_finding.file_path) + deduplicationLogger.debug("no endpoints on one of the findings and the new finding is either dynamic or doesn't have a file_path; Deduplication will not occur") + + flag_hash = candidate.hash_code == new_finding.hash_code + + deduplicationLogger.debug( + "deduplication flags for new finding (" + ("dynamic" if 
new_finding.dynamic_finding else "static") + ") " + str(new_finding.id) + " and existing finding " + str(candidate.id) + + " flag_endpoints: " + str(flag_endpoints) + " flag_line_path:" + str(flag_line_path) + " flag_hash:" + str(flag_hash)) + + if (flag_endpoints or flag_line_path) and flag_hash: + return candidate + return None + + +def _dedupe_batch_hash_code(findings): + if not findings: + return + test = findings[0].test + candidates_by_hash = find_candidates_for_deduplication_hash(test, findings) + if not candidates_by_hash: + return + for new_finding in findings: + deduplicationLogger.debug(f"deduplication start for finding {new_finding.id} with DEDUPE_ALGO_HASH_CODE") + match = match_hash_candidate(new_finding, candidates_by_hash) + if match: + try: + set_duplicate(new_finding, match) + except Exception as e: + deduplicationLogger.debug(str(e)) + + +def _dedupe_batch_unique_id(findings): + if not findings: + return + test = findings[0].test + candidates_by_uid = find_candidates_for_deduplication_unique_id(test, findings) + if not candidates_by_uid: + return + for new_finding in findings: + deduplicationLogger.debug(f"deduplication start for finding {new_finding.id} with DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL") + match = match_unique_id_candidate(new_finding, candidates_by_uid) + if match: + try: + set_duplicate(new_finding, match) + except Exception as e: + deduplicationLogger.debug(str(e)) + + +def _dedupe_batch_uid_or_hash(findings): + if not findings: + return + + test = findings[0].test + candidates_by_uid, existing_by_hash = find_candidates_for_deduplication_uid_or_hash(test, findings) + if not (candidates_by_uid or existing_by_hash): + return + for new_finding in findings: + deduplicationLogger.debug(f"deduplication start for finding {new_finding.id} with DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE") + if new_finding.duplicate: + continue + + match = match_uid_or_hash_candidate(new_finding, candidates_by_uid, existing_by_hash) + if match: + try: + 
set_duplicate(new_finding, match) + except Exception as e: + deduplicationLogger.debug(str(e)) + continue + + +def _dedupe_batch_legacy(findings): + if not findings: + return + test = findings[0].test + candidates_by_title, candidates_by_cwe = find_candidates_for_deduplication_legacy(test, findings) + if not (candidates_by_title or candidates_by_cwe): + return + for new_finding in findings: + deduplicationLogger.debug(f"deduplication start for finding {new_finding.id} with DEDUPE_ALGO_LEGACY") + match = match_legacy_candidate(new_finding, candidates_by_title, candidates_by_cwe) + if match: + try: + set_duplicate(new_finding, match) + except Exception as e: + deduplicationLogger.debug(str(e)) + + +def dedupe_batch_of_findings(findings, *args, **kwargs): + """Batch deduplicate a list of findings. The findings are assumed to be in the same test.""" + # Pro has customer implementation which will call the Pro dedupe methods, but also the normal OS dedupe methods. + from dojo.utils import get_custom_method # noqa: PLC0415 -- circular import + if batch_dedupe_method := get_custom_method("FINDING_DEDUPE_BATCH_METHOD"): + deduplicationLogger.debug(f"Using custom deduplication method: {batch_dedupe_method.__name__}") + return batch_dedupe_method(findings, *args, **kwargs) + + if not findings: + return None + + enabled = System_Settings.objects.get().enable_deduplication + + if enabled: + # sort findings by id to ensure deduplication is deterministic/reproducible + findings = sorted(findings, key=attrgetter("id")) + + test = findings[0].test + dedup_alg = test.deduplication_algorithm + + if dedup_alg == settings.DEDUPE_ALGO_HASH_CODE: + logger.debug(f"deduplicating finding batch with DEDUPE_ALGO_HASH_CODE - {len(findings)} findings") + _dedupe_batch_hash_code(findings) + elif dedup_alg == settings.DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL: + logger.debug(f"deduplicating finding batch with DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL - {len(findings)} findings") + _dedupe_batch_unique_id(findings) + 
elif dedup_alg == settings.DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE: + logger.debug(f"deduplicating finding batch with DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE - {len(findings)} findings") + _dedupe_batch_uid_or_hash(findings) + else: + logger.debug(f"deduplicating finding batch with LEGACY - {len(findings)} findings") + _dedupe_batch_legacy(findings) + else: + deduplicationLogger.debug("dedupe: skipping dedupe because it's disabled in system settings get()") + return None diff --git a/dojo/finding/helper.py b/dojo/finding/helper.py index 95021e9575c..dc3cfdc7d13 100644 --- a/dojo/finding/helper.py +++ b/dojo/finding/helper.py @@ -17,6 +17,11 @@ from dojo.decorators import dojo_async_task, dojo_model_from_id, dojo_model_to_id from dojo.endpoint.utils import save_endpoints_to_add from dojo.file_uploads.helper import delete_related_files +from dojo.finding.deduplication import ( + dedupe_batch_of_findings, + do_dedupe_finding, + get_finding_models_for_deduplication, +) from dojo.models import ( Endpoint, Endpoint_Status, @@ -35,7 +40,6 @@ from dojo.utils import ( calculate_grade, close_external_issue, - do_dedupe_finding, do_false_positive_history, get_current_user, mass_model_updater, 
@@ -457,6 +461,59 @@ def post_process_finding_save_internal(finding, dedupe_option=True, rules_option jira_helper.push_to_jira(finding.finding_group) +@dojo_async_task(signature=True) +@app.task +def post_process_findings_batch_signature(finding_ids, *args, dedupe_option=True, rules_option=True, product_grading_option=True, + issue_updater_option=True, push_to_jira=False, user=None, **kwargs): + return post_process_findings_batch(finding_ids, dedupe_option, rules_option, product_grading_option, + issue_updater_option, push_to_jira, user, **kwargs) + + +@dojo_async_task +@app.task +def post_process_findings_batch(finding_ids, *args, dedupe_option=True, rules_option=True, product_grading_option=True, + issue_updater_option=True, push_to_jira=False, user=None, **kwargs): + + if not finding_ids: + return + + system_settings = System_Settings.objects.get() + + # use list() to force a complete query execution and related objects to be loaded once + findings = get_finding_models_for_deduplication(finding_ids) + + if not findings: + logger.debug(f"no findings found for batch deduplication with IDs: {finding_ids}") + return + + # Batch dedupe with single queries per algorithm; fallback to per-finding for anything else + if dedupe_option and system_settings.enable_deduplication: + dedupe_batch_of_findings(findings) + + if system_settings.false_positive_history: + # Only perform false positive history if deduplication is disabled + if system_settings.enable_deduplication: + deduplicationLogger.warning("skipping false positive history because deduplication is also enabled") + else: + for finding in findings: + do_false_positive_history(finding, *args, **kwargs) + + # Non-status changing tasks + if issue_updater_option: + for finding in findings: + tool_issue_updater.async_tool_issue_update(finding) + + if product_grading_option and system_settings.enable_product_grade: + calculate_grade(findings[0].test.engagement.product) + + if push_to_jira: + for finding in findings: + if 
finding.has_jira_issue or not finding.finding_group: + jira_helper.push_to_jira(finding) + else: + jira_helper.push_to_jira(finding.finding_group) + + @receiver(pre_delete, sender=Finding) def finding_pre_delete(sender, instance, **kwargs): logger.debug("finding pre_delete: %d", instance.id) diff --git a/dojo/importers/default_importer.py b/dojo/importers/default_importer.py index 188a31b6acb..63f41b8f744 100644 --- a/dojo/importers/default_importer.py +++ b/dojo/importers/default_importer.py @@ -1,5 +1,6 @@ import logging +from django.conf import settings from django.core.files.uploadedfile import TemporaryUploadedFile from django.core.serializers import serialize from django.db.models.query_utils import Q @@ -157,10 +158,9 @@ def process_findings( parsed_findings: list[Finding], **kwargs: dict, ) -> list[Finding]: - # Progressive batching for chord execution - post_processing_task_signatures = [] - current_batch_number = 1 - max_batch_size = 1024 + # Batched post-processing (no chord): dispatch a task per 1000 findings or on final finding + batch_finding_ids: list[int] = [] + batch_max_size = getattr(settings, "IMPORT_REIMPORT_DEDUPE_BATCH_SIZE", 1000) """ Saves findings in memory that were parsed from the scan report into the database. 
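Review bot: `post_process_findings_batch_signature` forwards its options positionally, but `post_process_findings_batch` declares them after `*args`, so they are keyword-only there. The values end up in `*args`, the callee falls back to its own defaults (`push_to_jira=False` in particular), and the stray positionals are passed on to `do_false_positive_history(finding, *args, **kwargs)` when that branch runs. Forward them by name instead: `return post_process_findings_batch(finding_ids, *args, dedupe_option=dedupe_option, rules_option=rules_option, product_grading_option=product_grading_option, issue_updater_option=issue_updater_option, push_to_jira=push_to_jira, user=user, **kwargs)`. The async branches added in default_importer.py and default_reimporter.py go through this wrapper, so their `push_to_jira` argument is affected unless the decorators (not visible here) remap arguments. Separately, `rules_option` is accepted but never read in the batch body, and the comment about `list()` does not match the call beneath it.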
@@ -237,32 +237,34 @@ def process_findings( finding = self.process_vulnerability_ids(finding) # Categorize this finding as a new one new_findings.append(finding) - # all data is already saved on the finding, we only need to trigger post processing - - # We create a signature for the post processing task so we can decide to apply it async or sync + # all data is already saved on the finding, we only need to trigger post processing in batches push_to_jira = self.push_to_jira and (not self.findings_groups_enabled or not self.group_by) - post_processing_task_signature = finding_helper.post_process_finding_save_signature( - finding, - dedupe_option=True, - rules_option=True, - product_grading_option=False, - issue_updater_option=True, - push_to_jira=push_to_jira, - ) - - post_processing_task_signatures.append(post_processing_task_signature) - - # Check if we should launch a chord (batch full or end of findings) - if we_want_async(async_user=self.user) and post_processing_task_signatures: - post_processing_task_signatures, current_batch_number, _ = self.maybe_launch_post_processing_chord( - post_processing_task_signatures, - current_batch_number, - max_batch_size, - is_final_finding, - ) - else: - # Execute task immediately for synchronous processing - post_processing_task_signature() + batch_finding_ids.append(finding.id) + + # If batch is full or we're at the end, dispatch one batched task + if len(batch_finding_ids) >= batch_max_size or is_final_finding: + finding_ids_batch = list(batch_finding_ids) + batch_finding_ids.clear() + if we_want_async(async_user=self.user): + finding_helper.post_process_findings_batch_signature( + finding_ids_batch, + dedupe_option=True, + rules_option=True, + product_grading_option=True, + issue_updater_option=True, + push_to_jira=push_to_jira, + )() + else: + finding_helper.post_process_findings_batch( + finding_ids_batch, + dedupe_option=True, + rules_option=True, + product_grading_option=True, + issue_updater_option=True, + 
push_to_jira=push_to_jira, + ) + + # No chord: tasks are dispatched immediately above per batch for (group_name, findings) in group_names_to_findings_dict.items(): finding_helper.add_findings_to_auto_group( diff --git a/dojo/importers/default_reimporter.py b/dojo/importers/default_reimporter.py index a5d6bdc30c0..10b3ac7148a 100644 --- a/dojo/importers/default_reimporter.py +++ b/dojo/importers/default_reimporter.py @@ -183,9 +183,7 @@ def process_findings( self.unchanged_items = [] self.group_names_to_findings_dict = {} # Progressive batching for chord execution - post_processing_task_signatures = [] - current_batch_number = 1 - max_batch_size = 1024 + # No chord: we dispatch per 1000 findings or on the final finding logger.debug(f"starting reimport of {len(parsed_findings) if parsed_findings else 0} items.") logger.debug("STEP 1: looping over findings from the reimported report and trying to match them to existing findings") @@ -205,6 +203,9 @@ def process_findings( continue cleaned_findings.append(sanitized) + batch_finding_ids: list[int] = [] + batch_max_size = 1000 + for idx, unsaved_finding in enumerate(cleaned_findings): is_final = idx == len(cleaned_findings) - 1 # Some parsers provide "mitigated" field but do not set timezone (because they are probably not available in the report) 
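Review bot: In the async branch, the object returned by `post_process_findings_batch_signature(...)` is invoked on the spot with `()`. If that wrapper returns a Celery signature, as the removed sync path `post_processing_task_signature()` suggests, calling it runs the body in the current process, and queuing is presumably left to the decorator on `post_process_findings_batch`, which would make the two branches equivalent. Either state the intent with `.apply_async()` on the signature, or collapse the `if`/`else` into a single `finding_helper.post_process_findings_batch(...)` call. The same construct is added in the `@@ -255,31 +256,34 @@` hunk of default_reimporter.py. The enclosing loop starts outside this hunk, so whether every iteration reaches the `is_final_finding` flush cannot be checked from here.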
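Review bot: `batch_max_size = 1000` is hard-coded here, while default_importer.py and the dedupe management command in this patch read `getattr(settings, "IMPORT_REIMPORT_DEDUPE_BATCH_SIZE", 1000)`. An operator who lowers that setting to cap task size or memory would still get 1000-finding batches on reimport. Use `batch_max_size = getattr(settings, "IMPORT_REIMPORT_DEDUPE_BATCH_SIZE", 1000)` here as well; this needs `from django.conf import settings` if the module does not already import it (the import block is not in this hunk). The value is also used unvalidated wherever it is read, so a zero or non-integer setting would flush on every finding or fail the `>=` comparison; `batch_max_size = max(1, int(batch_max_size))` would cover that.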
@@ -255,31 +256,34 @@ def process_findings( finding, unsaved_finding, ) - # all data is already saved on the finding, we only need to trigger post processing - - # Execute post-processing task immediately if async, otherwise execute synchronously + # all data is already saved on the finding, we only need to trigger post processing in batches push_to_jira = self.push_to_jira and (not self.findings_groups_enabled or not self.group_by) - - post_processing_task_signature = finding_helper.post_process_finding_save_signature( - finding, - dedupe_option=True, - rules_option=True, - product_grading_option=False, - issue_updater_option=True, - push_to_jira=push_to_jira, - ) - post_processing_task_signatures.append(post_processing_task_signature) - - # Check if we should launch a chord (batch full or end of findings) - if we_want_async(async_user=self.user) and post_processing_task_signatures: - post_processing_task_signatures, current_batch_number, _ = self.maybe_launch_post_processing_chord( - post_processing_task_signatures, - current_batch_number, - max_batch_size, - is_final, - ) - else: - post_processing_task_signature() + batch_finding_ids.append(finding.id) + + # If batch is full or we're at the end, dispatch one batched task + if len(batch_finding_ids) >= batch_max_size or is_final: + finding_ids_batch = list(batch_finding_ids) + batch_finding_ids.clear() + if we_want_async(async_user=self.user): + finding_helper.post_process_findings_batch_signature( + finding_ids_batch, + dedupe_option=True, + rules_option=True, + product_grading_option=True, + issue_updater_option=True, + push_to_jira=push_to_jira, + )() + else: + finding_helper.post_process_findings_batch( + finding_ids_batch, + dedupe_option=True, + rules_option=True, + product_grading_option=True, + issue_updater_option=True, + push_to_jira=push_to_jira, + ) + + # No chord: tasks are dispatched immediately above per batch self.to_mitigate = (set(self.original_items) - set(self.reactivated_items) - 
set(self.unchanged_items)) # due to #3958 we can have duplicates inside the same report @@ -779,4 +783,6 @@ def calculate_unsaved_finding_hash_code( self, unsaved_finding: Finding, ) -> str: + # this is overridden in Pro, but will still call this via super() + deduplicationLogger.debug("Calculating hash code for unsaved finding") return unsaved_finding.compute_hash_code() diff --git a/dojo/management/commands/clear_celery_queue.py b/dojo/management/commands/clear_celery_queue.py new file mode 100644 index 00000000000..514d6892bfa --- /dev/null +++ b/dojo/management/commands/clear_celery_queue.py 
@@ -0,0 +1,115 @@ +import logging + +from django.core.management.base import BaseCommand + +from dojo.celery import app + +logger = logging.getLogger(__name__) + + +class Command(BaseCommand): + help = "Clear (purge) all tasks from Celery queues" + + def add_arguments(self, parser): + parser.add_argument( + "--queue", + type=str, + help="Specific queue name to clear (default: all queues)", + ) + parser.add_argument( + "--dry-run", + action="store_true", + help="Show what would be cleared without actually clearing", + ) + parser.add_argument( + "--force", + action="store_true", + help="Skip confirmation prompt (use with caution)", + ) + + def handle(self, *args, **options): + queue_name = options["queue"] + dry_run = options["dry_run"] + force = options["force"] + + # Get connection to broker + with app.connection() as conn: + # Get all queues or specific queue + if queue_name: + queues = [queue_name] + self.stdout.write(f"Targeting queue: {queue_name}") + else: + # Get all active queues from the broker + inspector = app.control.inspect() + active_queues = inspector.active_queues() + if active_queues: + # Extract unique queue names from all workers + queues = set() + for worker_queues in active_queues.values(): + queues.update(queue_info["name"] for queue_info in worker_queues) + queues = list(queues) + else: + # Fallback: try common default queue + queues = ["celery"] + self.stdout.write(f"Found {len(queues)} queue(s) to process") + + if not queues: + self.stdout.write(self.style.WARNING("No queues found to clear")) + return + + # Show what will be cleared + total_purged = 0 + for queue in queues: + try: + # Get queue length using channel + with conn.channel() as channel: + _, message_count, _ = channel.queue_declare(queue=queue, passive=True) + except Exception as e: + logger.debug(f"Could not get message count for queue {queue}: {e}") + message_count = "unknown" + + if dry_run: + self.stdout.write( + self.style.WARNING(f" Would purge {message_count} messages from 
queue: {queue}"), + ) + else: + self.stdout.write(f" Queue '{queue}': {message_count} messages") + + if dry_run: + self.stdout.write(self.style.SUCCESS("\nDry run complete. Use without --dry-run to actually purge.")) + return + + # Confirmation prompt + if not force: + self.stdout.write( + self.style.WARNING( + f"\nThis will permanently delete all messages from {len(queues)} queue(s).", + ), + ) + confirm = input("Are you sure you want to continue? (yes/no): ") + if confirm.lower() not in {"yes", "y"}: + self.stdout.write(self.style.ERROR("Operation cancelled.")) + return + + # Purge queues using direct channel purge + self.stdout.write("\nPurging queues...") + for queue in queues: + try: + with conn.channel() as channel: + purged_count = channel.queue_purge(queue=queue) + total_purged += purged_count + self.stdout.write( + self.style.SUCCESS(f" ✓ Purged {purged_count} messages from queue: {queue}"), + ) + except Exception as e: + self.stdout.write( + self.style.ERROR(f" ✗ Failed to purge queue '{queue}': {e}"), + ) + logger.error(f"Error purging queue {queue}: {e}") + + if total_purged > 0: + self.stdout.write( + self.style.SUCCESS(f"\nSuccessfully purged {total_purged} message(s) from {len(queues)} queue(s)."), + ) + else: + self.stdout.write(self.style.WARNING("\nNo messages were purged (queues may have been empty).")) diff --git a/dojo/management/commands/dedupe.py b/dojo/management/commands/dedupe.py index 90e063c975f..a8e0a538cfe 100644 --- a/dojo/management/commands/dedupe.py +++ b/dojo/management/commands/dedupe.py 
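Review bot: A failed purge cannot be told apart from an empty queue in this command's outcome. The `except Exception` in the purge loop prints an error and continues, `total_purged` stays at 0, and the command ends with "No messages were purged (queues may have been empty)" and a zero exit status. Collect the failed queue names in that `except` branch and finish with `raise CommandError(f"Failed to purge: {', '.join(failed)}")` (from `django.core.management.base`), and use `logger.exception(...)` there so the traceback is kept. Queue discovery through `inspector.active_queues()` only reports queues that currently have a consuming worker, so with no workers up the command falls back to `["celery"]` and other backlogged queues are never listed; the help text should say so. Because a purge discards pending post-processing work irreversibly, a `logger.warning` recording the queue names and purged counts would give operators an audit trail beyond stdout.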
@@ -1,12 +1,19 @@ import logging +from django.conf import settings from django.core.management.base import BaseCommand +from django.db.models import Prefetch +from dojo.finding.deduplication import ( + dedupe_batch_of_findings, + do_dedupe_batch_task, + do_dedupe_finding, + do_dedupe_finding_task, + get_finding_models_for_deduplication, +) from dojo.models import Finding, Product from dojo.utils import ( calculate_grade, - do_dedupe_finding, - do_dedupe_finding_task, get_system_setting, mass_model_updater, ) @@ -26,11 +33,11 @@ def generate_hash_code(f): class Command(BaseCommand): """ - Updates hash codes and/or runs deduplication for findings. Hashcode calculation always runs in the foreground, dedupe by default runs in the background. - Usage: manage.py dedupe [--parser "Parser1 Scan" --parser "Parser2 Scan"...] [--hash_code_only] [--dedupe_only] [--dedupe_sync]' + Updates hash codes and/or runs deduplication for findings. Hashcode calculation always runs in the foreground, dedupe by default runs in the background in batch mode. + Usage: manage.py dedupe [--parser "Parser1 Scan" --parser "Parser2 Scan"...] [--hash_code_only] [--dedupe_only] [--dedupe_sync] [--dedupe_batch_mode]' """ - help = 'Usage: manage.py dedupe [--parser "Parser1 Scan" --parser "Parser2 Scan"...] [--hash_code_only] [--dedupe_only] [--dedupe_sync]' + help = 'Usage: manage.py dedupe [--parser "Parser1 Scan" --parser "Parser2 Scan"...] [--hash_code_only] [--dedupe_only] [--dedupe_sync] [--dedupe_batch_mode]' def add_arguments(self, parser): parser.add_argument( 
@@ -43,28 +50,45 @@ def add_arguments(self, parser): parser.add_argument("--hash_code_only", action="store_true", help="Only compute hash codes") parser.add_argument("--dedupe_only", action="store_true", help="Only run deduplication") parser.add_argument("--dedupe_sync", action="store_true", help="Run dedupe in the foreground, default false") + parser.add_argument( + "--dedupe_batch_mode", + action="store_true", + default=True, + help="Deduplicate in batches (similar to import), works with both sync and async modes (default: True)", + ) def handle(self, *args, **options): restrict_to_parsers = options["parser"] hash_code_only = options["hash_code_only"] dedupe_only = options["dedupe_only"] dedupe_sync = options["dedupe_sync"] + dedupe_batch_mode = options.get("dedupe_batch_mode", True) # Default to True (batch mode enabled) if restrict_to_parsers is not None: - findings = Finding.objects.filter(test__test_type__name__in=restrict_to_parsers) + findings = Finding.objects.filter(test__test_type__name__in=restrict_to_parsers).exclude(duplicate=True) logger.info("######## Will process only parsers %s and %d findings ########", *restrict_to_parsers, findings.count()) else: # add filter on id to make counts not slow on mysql - findings = Finding.objects.all().filter(id__gt=0) + # exclude duplicates to avoid reprocessing findings that are already marked as duplicates + findings = Finding.objects.all().filter(id__gt=0).exclude(duplicate=True) logger.info("######## Will process the full database with %d findings ########", findings.count()) + # Prefetch related objects for synchronous deduplication + findings = findings.select_related( + "test", "test__engagement", "test__engagement__product", "test__test_type", + ).prefetch_related( + "endpoints", + Prefetch( + "original_finding", + queryset=Finding.objects.only("id", "duplicate_finding_id").order_by("-id"), + ), + ) + # Phase 1: update hash_codes without deduplicating if not dedupe_only: logger.info("######## Start 
Updating Hashcodes (foreground) ########") - # only prefetch here for hash_code calculation - finds = findings.prefetch_related("endpoints", "test__test_type") - mass_model_updater(Finding, finds, generate_hash_code, fields=["hash_code"], order="asc", log_prefix="hash_code computation ") + mass_model_updater(Finding, findings, generate_hash_code, fields=["hash_code"], order="asc", log_prefix="hash_code computation ") logger.info("######## Done Updating Hashcodes########") 
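Review bot: `--dedupe_batch_mode` is declared with `action="store_true"` and `default=True`, so the option is true whether or not the flag is passed, and batch mode cannot be switched off from the command line. The per-finding paths kept in `handle()` (`elif dedupe_sync:` and the async `do_dedupe_finding_task` branch, in the next hunk) become unreachable. Use `action=argparse.BooleanOptionalAction` (adds `--no-dedupe_batch_mode`, needs `import argparse`) or a separate `store_false` flag. Also, `.exclude(duplicate=True)` now applies to the queryset used for Phase 1 as well, so `--hash_code_only` no longer recomputes hash codes on findings already marked duplicate; if that is intended, the help text should say so.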
@@ -72,17 +96,72 @@ def handle(self, *args, **options): if not hash_code_only: if get_system_setting("enable_deduplication"): logger.info("######## Start deduplicating (%s) ########", ("foreground" if dedupe_sync else "background")) - if dedupe_sync: + if dedupe_batch_mode: + self._dedupe_batch_mode(findings, dedupe_sync=dedupe_sync) + elif dedupe_sync: mass_model_updater(Finding, findings, do_dedupe_finding, fields=None, order="desc", page_size=100, log_prefix="deduplicating ") else: # async tasks only need the id mass_model_updater(Finding, findings.only("id"), lambda f: do_dedupe_finding_task(f.id), fields=None, order="desc", log_prefix="deduplicating ") - # update the grading (if enabled) - logger.debug("Updating grades for products...") - for product in Product.objects.all(): - calculate_grade(product) + if dedupe_sync: + # update the grading (if enabled) and only useful in sync mode + # in async mode the background task that grades products every hour will pick it up + logger.debug("Updating grades for products...") + for product in Product.objects.all(): + calculate_grade(product) logger.info("######## Done deduplicating (%s) ########", ("foreground" if dedupe_sync else "tasks submitted to celery")) else: logger.debug("skipping dedupe because it's disabled in system settings") + + def _dedupe_batch_mode(self, findings_queryset, *, dedupe_sync: bool = True): + """ + Deduplicate findings in batches of max 1000 per test (similar to import process). + This is more efficient than processing findings one-by-one. + Can run synchronously or asynchronously. 
+ """ + mode_str = "synchronous" if dedupe_sync else "asynchronous" + logger.info(f"######## Deduplicating in batch mode ({mode_str}) ########") + + batch_max_size = getattr(settings, "IMPORT_REIMPORT_DEDUPE_BATCH_SIZE", 1000) + total_findings = findings_queryset.count() + logger.info(f"Processing {total_findings} findings in batches of max {batch_max_size} per test ({mode_str})") + + # Group findings by test_id to process them in batches per test + test_ids = findings_queryset.values_list("test_id", flat=True).distinct() + total_tests = len(test_ids) + total_processed = 0 + + for test_id in test_ids: + # Get finding IDs for this test (exclude duplicates to avoid reprocessing) + test_finding_ids = list(findings_queryset.filter(test_id=test_id).exclude(duplicate=True).values_list("id", flat=True)) + + if not test_finding_ids: + continue + + # Process findings for this test in batches of max batch_max_size + batch_finding_ids = [] + for idx, finding_id in enumerate(test_finding_ids): + is_final_finding_for_test = idx == len(test_finding_ids) - 1 + batch_finding_ids.append(finding_id) + + # If batch is full or we're at the end of this test's findings, process the batch + if len(batch_finding_ids) >= batch_max_size or is_final_finding_for_test: + if dedupe_sync: + # Synchronous: load findings and process immediately + batch_findings = get_finding_models_for_deduplication(batch_finding_ids) + logger.debug(f"Deduplicating batch of {len(batch_findings)} findings for test {test_id}") + dedupe_batch_of_findings(batch_findings) + else: + # Asynchronous: submit task with finding IDs + logger.debug(f"Submitting async batch task for {len(batch_finding_ids)} findings for test {test_id}") + do_dedupe_batch_task(batch_finding_ids) + + total_processed += len(batch_finding_ids) + batch_finding_ids = [] + + if total_processed % (batch_max_size * 10) == 0: + logger.info(f"Processed {total_processed}/{total_findings} findings") + + logger.info(f"######## Completed batch deduplication 
for {total_processed} findings across {total_tests} tests ({mode_str}) ########") diff --git a/dojo/models.py b/dojo/models.py index ec2e48555f1..24875b400f1 100644 --- a/dojo/models.py +++ b/dojo/models.py @@ -2234,6 +2234,7 @@ def deduplication_algorithm(self): @property def hash_code_fields(self): + """Retrieve OS HASH_CODE_FIELDS_PER_SCANNER settings. Be aware when calling this to make sure Pro doesn't use these OS seetings""" hashCodeFields = None if hasattr(settings, "HASHCODE_FIELDS_PER_SCANNER"): @@ -2913,6 +2914,11 @@ def risk_acceptance(self): return None def compute_hash_code(self): + # Allow Pro to overwrite compute hash_code which gets dedupe settings from a database instead of django.settings + from dojo.utils import get_custom_method # noqa: PLC0415 circular import + if compute_hash_code_method := get_custom_method("FINDING_COMPUTE_HASH_METHOD"): + deduplicationLogger.debug("using custom FINDING_COMPUTE_HASH_METHOD method") + return compute_hash_code_method(self) # Check if all needed settings are defined if not hasattr(settings, "HASHCODE_FIELDS_PER_SCANNER") or not hasattr(settings, "HASHCODE_ALLOWS_NULL_CWE") or not hasattr(settings, "HASHCODE_ALLOWED_FIELDS"): diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py index 8e636470db4..b74dd7e85a9 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings.dist.py @@ -274,6 +274,8 @@ DD_EDITABLE_MITIGATED_DATA=(bool, False), # new feature that tracks history across multiple reimports for the same test DD_TRACK_IMPORT_HISTORY=(bool, True), + # Batch size for import/reimport deduplication processing + DD_IMPORT_REIMPORT_DEDUPE_BATCH_SIZE=(int, 1000), # Delete Auditlogs older than x month; -1 to keep all logs DD_AUDITLOG_FLUSH_RETENTION_PERIOD=(int, -1), # Batch size for flushing audit logs per task run 
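Review bot: `batch_max_size` in `_dedupe_batch_mode` is read from settings without a lower bound, and a value of 0 makes `total_processed % (batch_max_size * 10)` raise ZeroDivisionError right after the first batch is processed, while a negative value silently degrades to one-finding batches. Clamping where it is read avoids both, e.g. `batch_max_size = max(1, int(getattr(settings, "IMPORT_REIMPORT_DEDUPE_BATCH_SIZE", 1000)))`. The same modulo test only logs when the running total lands exactly on a multiple of ten batches, which per-test batches of uneven size will rarely do, so the progress line is unreliable as written. If `Finding` declares a default `Meta.ordering` (not visible here), `values_list("test_id", flat=True).distinct()` may also return repeated test ids unless the ordering is cleared with `.order_by()` first, which would resubmit the same test's batches.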
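Review bot: The docstring added to `hash_code_fields` names the setting `HASH_CODE_FIELDS_PER_SCANNER`, but the code directly below it checks `HASHCODE_FIELDS_PER_SCANNER`, and "seetings" is misspelled. Anyone searching for the setting by the docstring's name will not find it. Suggested wording: `"""Retrieve the open-source HASHCODE_FIELDS_PER_SCANNER settings. Callers in Pro must make sure they do not use these open-source settings."""`. The property body continues outside the hunk.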
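Review bot: The early return added to `compute_hash_code` hands back whatever the configured `FINDING_COMPUTE_HASH_METHOD` callable returns, and the contract for that hook is not documented anywhere in the hunk. Because the hash code decides which findings are treated as duplicates, the method should get a docstring stating that the hook receives the `Finding` instance and must return the hash string (or whatever the caller accepts for "no hash"). It should also say that the `HASHCODE_FIELDS_PER_SCANNER` / `HASHCODE_ALLOWS_NULL_CWE` / `HASHCODE_ALLOWED_FIELDS` checks below are skipped when the hook is set. The `deduplicationLogger.debug(...)` line runs once per finding, which presumably gets noisy during the mass hash_code update. The rest of the method is outside the hunk.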
@@ -1696,6 +1698,7 @@ def saml2_attrib_map_format(din): DISABLE_FINDING_MERGE = env("DD_DISABLE_FINDING_MERGE") TRACK_IMPORT_HISTORY = env("DD_TRACK_IMPORT_HISTORY") +IMPORT_REIMPORT_DEDUPE_BATCH_SIZE = env("DD_IMPORT_REIMPORT_DEDUPE_BATCH_SIZE") # ------------------------------------------------------------------------------ # JIRA diff --git a/dojo/utils.py b/dojo/utils.py index fc676e8d2cf..a00ba7b48f1 100644 --- a/dojo/utils.py +++ b/dojo/utils.py @@ -16,7 +16,6 @@ import bleach import crum import cvss -import hyperlink import vobject from asteval import Interpreter from auditlog.models import LogEntry 
@@ -237,353 +236,6 @@ def match_finding_to_existing_findings(finding, product=None, engagement=None, t return None -# true if both findings are on an engagement that have a different "deduplication on engagement" configuration -def is_deduplication_on_engagement_mismatch(new_finding, to_duplicate_finding): - return not new_finding.test.engagement.deduplication_on_engagement and to_duplicate_finding.test.engagement.deduplication_on_engagement - - -def get_endpoints_as_url(finding): - return [hyperlink.parse(str(e)) for e in finding.endpoints.all()] - - -def are_urls_equal(url1, url2, fields): - # Possible values are: scheme, host, port, path, query, fragment, userinfo, and user. - # For a details description see https://hyperlink.readthedocs.io/en/latest/api.html#attributes - deduplicationLogger.debug("Check if url %s and url %s are equal in terms of %s.", url1, url2, fields) - for field in fields: - if field == "scheme": - if url1.scheme != url2.scheme: - return False - elif field == "host": - if url1.host != url2.host: - return False - elif field == "port": - if url1.port != url2.port: - return False - elif field == "path": - if url1.path != url2.path: - return False - elif field == "query": - if url1.query != url2.query: - return False - elif field == "fragment": - if url1.fragment != url2.fragment: - return False - elif field == "userinfo": - if url1.userinfo != url2.userinfo: - return False - elif field == "user": - if url1.user != url2.user: - return False - else: - logger.warning("Field " + field + " is not supported by the endpoint dedupe algorithm, ignoring it.") - return True - - -def are_endpoints_duplicates(new_finding, to_duplicate_finding): - fields = settings.DEDUPE_ALGO_ENDPOINT_FIELDS - # shortcut if fields list is empty/feature is disabled - if len(fields) == 0: - deduplicationLogger.debug("deduplication by endpoint fields is disabled") - return True - - list1 = get_endpoints_as_url(new_finding) - list2 = get_endpoints_as_url(to_duplicate_finding) 
- - deduplicationLogger.debug(f"Starting deduplication by endpoint fields for finding {new_finding.id} with urls {list1} and finding {to_duplicate_finding.id} with urls {list2}") - if list1 == [] and list2 == []: - return True - - for l1 in list1: - for l2 in list2: - if are_urls_equal(l1, l2, fields): - return True - return False - - -@dojo_model_to_id -@dojo_async_task -@app.task -@dojo_model_from_id -def do_dedupe_finding_task(new_finding, *args, **kwargs): - return do_dedupe_finding(new_finding, *args, **kwargs) - - -def do_dedupe_finding(new_finding, *args, **kwargs): - if dedupe_method := get_custom_method("FINDING_DEDUPE_METHOD"): - return dedupe_method(new_finding, *args, **kwargs) - - try: - enabled = System_Settings.objects.get(no_cache=True).enable_deduplication - except System_Settings.DoesNotExist: - logger.warning("system settings not found") - enabled = False - if enabled: - deduplicationLogger.debug("dedupe for: " + str(new_finding.id) - + ":" + str(new_finding.title)) - deduplicationAlgorithm = new_finding.test.deduplication_algorithm - deduplicationLogger.debug("deduplication algorithm: " + deduplicationAlgorithm) - if deduplicationAlgorithm == settings.DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL: - deduplicate_unique_id_from_tool(new_finding) - elif deduplicationAlgorithm == settings.DEDUPE_ALGO_HASH_CODE: - deduplicate_hash_code(new_finding) - elif deduplicationAlgorithm == settings.DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE: - deduplicate_uid_or_hash_code(new_finding) - else: - deduplicationLogger.debug("no configuration per parser found; using legacy algorithm") - deduplicate_legacy(new_finding) - else: - deduplicationLogger.debug("dedupe: skipping dedupe because it's disabled in system settings get()") - return None - - -def deduplicate_legacy(new_finding): - # --------------------------------------------------------- - # 1) Collects all the findings that have the same: - # (title and static_finding and dynamic_finding) - # or (CWE and static_finding 
and dynamic_finding) - # as the new one - # (this is "cond1") - # --------------------------------------------------------- - if new_finding.test.engagement.deduplication_on_engagement: - eng_findings_cwe = Finding.objects.filter( - test__engagement=new_finding.test.engagement, - cwe=new_finding.cwe).exclude(id=new_finding.id).exclude(cwe=0).exclude(duplicate=True).values("id") - eng_findings_title = Finding.objects.filter( - test__engagement=new_finding.test.engagement, - title=new_finding.title).exclude(id=new_finding.id).exclude(duplicate=True).values("id") - else: - eng_findings_cwe = Finding.objects.filter( - test__engagement__product=new_finding.test.engagement.product, - cwe=new_finding.cwe).exclude(id=new_finding.id).exclude(cwe=0).exclude(duplicate=True).values("id") - eng_findings_title = Finding.objects.filter( - test__engagement__product=new_finding.test.engagement.product, - title=new_finding.title).exclude(id=new_finding.id).exclude(duplicate=True).values("id") - - total_findings = Finding.objects.filter(Q(id__in=eng_findings_cwe) | Q(id__in=eng_findings_title)).prefetch_related("endpoints", "test", "test__engagement", "found_by", "original_finding", "test__test_type") - deduplicationLogger.debug("Found " - + str(len(eng_findings_cwe)) + " findings with same cwe, " - + str(len(eng_findings_title)) + " findings with same title: " - + str(len(total_findings)) + " findings with either same title or same cwe") - - # total_findings = total_findings.order_by('date') - for find in total_findings.order_by("id"): - flag_endpoints = False - flag_line_path = False - flag_hash = False - if is_deduplication_on_engagement_mismatch(new_finding, find): - deduplicationLogger.debug( - "deduplication_on_engagement_mismatch, skipping dedupe.") - continue - - # --------------------------------------------------------- - # 2) If existing and new findings have endpoints: compare them all - # Else look at line+file_path - # (if new finding is not static, do not deduplicate) 
- # --------------------------------------------------------- - - if find.endpoints.count() != 0 and new_finding.endpoints.count() != 0: - list1 = [str(e) for e in new_finding.endpoints.all()] - list2 = [str(e) for e in find.endpoints.all()] - - if all(x in list1 for x in list2): - deduplicationLogger.debug("%s: existing endpoints are present in new finding", find.id) - flag_endpoints = True - elif new_finding.static_finding and new_finding.file_path and len(new_finding.file_path) > 0: - if str(find.line) == str(new_finding.line) and find.file_path == new_finding.file_path: - deduplicationLogger.debug("%s: file_path and line match", find.id) - flag_line_path = True - else: - deduplicationLogger.debug("no endpoints on one of the findings and file_path doesn't match; Deduplication will not occur") - else: - deduplicationLogger.debug("find.static/dynamic: %s/%s", find.static_finding, find.dynamic_finding) - deduplicationLogger.debug("new_finding.static/dynamic: %s/%s", new_finding.static_finding, new_finding.dynamic_finding) - deduplicationLogger.debug("find.file_path: %s", find.file_path) - deduplicationLogger.debug("new_finding.file_path: %s", new_finding.file_path) - - deduplicationLogger.debug("no endpoints on one of the findings and the new finding is either dynamic or doesn't have a file_path; Deduplication will not occur") - - if find.hash_code == new_finding.hash_code: - flag_hash = True - - deduplicationLogger.debug( - "deduplication flags for new finding (" + ("dynamic" if new_finding.dynamic_finding else "static") + ") " + str(new_finding.id) + " and existing finding " + str(find.id) - + " flag_endpoints: " + str(flag_endpoints) + " flag_line_path:" + str(flag_line_path) + " flag_hash:" + str(flag_hash)) - - # --------------------------------------------------------- - # 3) Findings are duplicate if (cond1 is true) and they have the same: - # hash - # and (endpoints or (line and file_path) - # --------------------------------------------------------- - if 
((flag_endpoints or flag_line_path) and flag_hash): - try: - set_duplicate(new_finding, find) - except Exception as e: - deduplicationLogger.debug(str(e)) - continue - - break - - -def deduplicate_unique_id_from_tool(new_finding): - if new_finding.test.engagement.deduplication_on_engagement: - existing_findings = Finding.objects.filter( - test__engagement=new_finding.test.engagement, - # the unique_id_from_tool is unique for a given tool: do not compare with other tools - test__test_type=new_finding.test.test_type, - unique_id_from_tool=new_finding.unique_id_from_tool).exclude( - id=new_finding.id).exclude( - unique_id_from_tool=None).exclude( - duplicate=True).order_by("id") - else: - existing_findings = Finding.objects.filter( - test__engagement__product=new_finding.test.engagement.product, - # the unique_id_from_tool is unique for a given tool: do not compare with other tools - test__test_type=new_finding.test.test_type, - unique_id_from_tool=new_finding.unique_id_from_tool).exclude( - id=new_finding.id).exclude( - unique_id_from_tool=None).exclude( - duplicate=True).order_by("id") - - deduplicationLogger.debug("Found " - + str(len(existing_findings)) + " findings with same unique_id_from_tool") - for find in existing_findings: - if is_deduplication_on_engagement_mismatch(new_finding, find): - deduplicationLogger.debug( - "deduplication_on_engagement_mismatch, skipping dedupe.") - continue - try: - set_duplicate(new_finding, find) - break - except Exception as e: - deduplicationLogger.debug(str(e)) - continue - - -def deduplicate_hash_code(new_finding): - if new_finding.test.engagement.deduplication_on_engagement: - existing_findings = Finding.objects.filter( - test__engagement=new_finding.test.engagement, - hash_code=new_finding.hash_code).exclude( - id=new_finding.id).exclude( - hash_code=None).exclude( - duplicate=True).order_by("id") - else: - existing_findings = Finding.objects.filter( - test__engagement__product=new_finding.test.engagement.product, - 
hash_code=new_finding.hash_code).exclude( - id=new_finding.id).exclude( - hash_code=None).exclude( - duplicate=True).order_by("id") - - deduplicationLogger.debug("Found " - + str(len(existing_findings)) + " findings with same hash_code") - for find in existing_findings: - if is_deduplication_on_engagement_mismatch(new_finding, find): - deduplicationLogger.debug( - "deduplication_on_engagement_mismatch, skipping dedupe.") - continue - try: - if are_endpoints_duplicates(new_finding, find): - set_duplicate(new_finding, find) - break - except Exception as e: - deduplicationLogger.debug(str(e)) - continue - - -def deduplicate_uid_or_hash_code(new_finding): - if new_finding.test.engagement.deduplication_on_engagement: - existing_findings = Finding.objects.filter( - (Q(hash_code__isnull=False) & Q(hash_code=new_finding.hash_code)) - # unique_id_from_tool can only apply to the same test_type because it is parser dependent - | (Q(unique_id_from_tool__isnull=False) & Q(unique_id_from_tool=new_finding.unique_id_from_tool) & Q(test__test_type=new_finding.test.test_type)), - test__engagement=new_finding.test.engagement).exclude( - id=new_finding.id).exclude( - duplicate=True).order_by("id") - else: - # same without "test__engagement=new_finding.test.engagement" condition - existing_findings = Finding.objects.filter( - (Q(hash_code__isnull=False) & Q(hash_code=new_finding.hash_code)) - | (Q(unique_id_from_tool__isnull=False) & Q(unique_id_from_tool=new_finding.unique_id_from_tool) & Q(test__test_type=new_finding.test.test_type)), - test__engagement__product=new_finding.test.engagement.product).exclude( - id=new_finding.id).exclude( - duplicate=True).order_by("id") - deduplicationLogger.debug("Found " - + str(len(existing_findings)) + " findings with either the same unique_id_from_tool or hash_code: " + str([find.id for find in existing_findings])) - for find in existing_findings: - if is_deduplication_on_engagement_mismatch(new_finding, find): - deduplicationLogger.debug( - 
"deduplication_on_engagement_mismatch, skipping dedupe.") - continue - try: - if are_endpoints_duplicates(new_finding, find): - set_duplicate(new_finding, find) - break - except Exception as e: - deduplicationLogger.debug(str(e)) - continue - - -def set_duplicate(new_finding, existing_finding): - deduplicationLogger.debug(f"new_finding.status(): {new_finding.id} {new_finding.status()}") - deduplicationLogger.debug(f"existing_finding.status(): {existing_finding.id} {existing_finding.status()}") - if existing_finding.duplicate: - deduplicationLogger.debug("existing finding: %s:%s:duplicate=%s;duplicate_finding=%s", existing_finding.id, existing_finding.title, existing_finding.duplicate, existing_finding.duplicate_finding.id if existing_finding.duplicate_finding else "None") - msg = "Existing finding is a duplicate" - raise Exception(msg) - if existing_finding.id == new_finding.id: - msg = "Can not add duplicate to itself" - raise Exception(msg) - if is_duplicate_reopen(new_finding, existing_finding): - msg = "Found a regression. 
Ignore this so that a new duplicate chain can be made" - raise Exception(msg) - if new_finding.duplicate and finding_mitigated(existing_finding): - msg = "Skip this finding as we do not want to attach a new duplicate to a mitigated finding" - raise Exception(msg) - - deduplicationLogger.debug("Setting new finding " + str(new_finding.id) + " as a duplicate of existing finding " + str(existing_finding.id)) - new_finding.duplicate = True - new_finding.active = False - new_finding.verified = False - new_finding.duplicate_finding = existing_finding - - # Make sure transitive duplication is flattened - # if A -> B and B is made a duplicate of C here, aferwards: - # A -> C and B -> C should be true - for find in new_finding.original_finding.all().order_by("-id"): - new_finding.original_finding.remove(find) - set_duplicate(find, existing_finding) - existing_finding.found_by.add(new_finding.test.test_type) - logger.debug("saving new finding: %d", new_finding.id) - super(Finding, new_finding).save() - logger.debug("saving existing finding: %d", existing_finding.id) - super(Finding, existing_finding).save() - - -def is_duplicate_reopen(new_finding, existing_finding) -> bool: - return finding_mitigated(existing_finding) and finding_not_human_set_status(existing_finding) and not finding_mitigated(new_finding) - - -def finding_mitigated(finding: Finding) -> bool: - return finding.active is False and (finding.is_mitigated is True or finding.mitigated is not None) - - -def finding_not_human_set_status(finding: Finding) -> bool: - return finding.out_of_scope is False and finding.false_p is False - - -def set_duplicate_reopen(new_finding, existing_finding): - logger.debug("duplicate reopen existing finding") - existing_finding.mitigated = new_finding.mitigated - existing_finding.is_mitigated = new_finding.is_mitigated - existing_finding.active = new_finding.active - existing_finding.verified = new_finding.verified - existing_finding.notes.create(author=existing_finding.reporter, - 
entry="This finding has been automatically re-opened as it was found in recent scans.") - existing_finding.save() - - def count_findings(findings: QuerySet) -> tuple[dict["Product", list[int]], dict[str, int]]: agg = ( findings.values(prod_id=F("test__engagement__product_id")) diff --git a/unittests/test_duplication_loops.py b/unittests/test_duplication_loops.py index d85e52e1046..9a84024e560 100644 --- a/unittests/test_duplication_loops.py +++ b/unittests/test_duplication_loops.py @@ -3,9 +3,9 @@ from crum import impersonate from django.test.utils import override_settings +from dojo.finding.deduplication import set_duplicate from dojo.management.commands.fix_loop_duplicates import fix_loop_duplicates from dojo.models import Engagement, Finding, Product, User, copy_model_util -from dojo.utils import set_duplicate from .dojo_test_case import DojoTestCase diff --git a/unittests/test_importers_performance.py b/unittests/test_importers_performance.py index 38d63babad1..c0da1e213c7 100644 --- a/unittests/test_importers_performance.py +++ b/unittests/test_importers_performance.py @@ -178,11 +178,11 @@ def test_import_reimport_reimport_performance_async(self): self._import_reimport_performance( expected_num_queries1=340, - expected_num_async_tasks1=10, + expected_num_async_tasks1=7, expected_num_queries2=288, - expected_num_async_tasks2=22, + expected_num_async_tasks2=18, expected_num_queries3=175, - expected_num_async_tasks3=20, + expected_num_async_tasks3=17, ) @override_settings(ENABLE_AUDITLOG=True, AUDITLOG_TYPE="django-pghistory") 
@@ -196,11 +196,11 @@ def test_import_reimport_reimport_performance_pghistory_async(self): self._import_reimport_performance( expected_num_queries1=306, - expected_num_async_tasks1=10, + expected_num_async_tasks1=7, expected_num_queries2=281, - expected_num_async_tasks2=22, + expected_num_async_tasks2=18, expected_num_queries3=170, - expected_num_async_tasks3=20, + expected_num_async_tasks3=17, ) @override_settings(ENABLE_AUDITLOG=True, AUDITLOG_TYPE="django-auditlog") @@ -219,12 +219,12 @@ def test_import_reimport_reimport_performance_no_async(self): testuser.usercontactinfo.block_execution = True testuser.usercontactinfo.save() self._import_reimport_performance( - expected_num_queries1=350, - expected_num_async_tasks1=10, - expected_num_queries2=305, - expected_num_async_tasks2=22, - expected_num_queries3=190, - expected_num_async_tasks3=20, + expected_num_queries1=345, + expected_num_async_tasks1=6, + expected_num_queries2=293, + expected_num_async_tasks2=17, + expected_num_queries3=180, + expected_num_async_tasks3=16, ) @override_settings(ENABLE_AUDITLOG=True, AUDITLOG_TYPE="django-pghistory") @@ -241,12 +241,12 @@ def test_import_reimport_reimport_performance_pghistory_no_async(self): testuser.usercontactinfo.save() self._import_reimport_performance( - expected_num_queries1=316, - expected_num_async_tasks1=10, - expected_num_queries2=298, - expected_num_async_tasks2=22, - expected_num_queries3=185, - expected_num_async_tasks3=20, + expected_num_queries1=311, + expected_num_async_tasks1=6, + expected_num_queries2=286, + expected_num_async_tasks2=17, + expected_num_queries3=175, + expected_num_async_tasks3=16, ) @override_settings(ENABLE_AUDITLOG=True, AUDITLOG_TYPE="django-auditlog") 
@@ -267,12 +267,12 @@ def test_import_reimport_reimport_performance_no_async_with_product_grading(self self.system_settings(enable_product_grade=True) self._import_reimport_performance( - expected_num_queries1=351, - expected_num_async_tasks1=11, - expected_num_queries2=306, - expected_num_async_tasks2=23, - expected_num_queries3=191, - expected_num_async_tasks3=21, + expected_num_queries1=347, + expected_num_async_tasks1=8, + expected_num_queries2=295, + expected_num_async_tasks2=19, + expected_num_queries3=182, + expected_num_async_tasks3=18, ) @override_settings(ENABLE_AUDITLOG=True, AUDITLOG_TYPE="django-pghistory") @@ -290,12 +290,12 @@ def test_import_reimport_reimport_performance_pghistory_no_async_with_product_gr self.system_settings(enable_product_grade=True) self._import_reimport_performance( - expected_num_queries1=317, - expected_num_async_tasks1=11, - expected_num_queries2=299, - expected_num_async_tasks2=23, - expected_num_queries3=186, - expected_num_async_tasks3=21, + expected_num_queries1=313, + expected_num_async_tasks1=8, + expected_num_queries2=288, + expected_num_async_tasks2=19, + expected_num_queries3=177, + expected_num_async_tasks3=18, ) # Deduplication is enabled in the tests above, but to properly test it we must run the same import twice and capture the results. @@ -414,9 +414,9 @@ def test_deduplication_performance_async(self): self._deduplication_performance( expected_num_queries1=311, - expected_num_async_tasks1=12, + expected_num_async_tasks1=8, expected_num_queries2=204, - expected_num_async_tasks2=12, + expected_num_async_tasks2=8, check_duplicates=False, # Async mode - deduplication happens later ) 
@@ -431,9 +431,9 @@ def test_deduplication_performance_pghistory_async(self): self._deduplication_performance( expected_num_queries1=275, - expected_num_async_tasks1=12, + expected_num_async_tasks1=8, expected_num_queries2=185, - expected_num_async_tasks2=12, + expected_num_async_tasks2=8, check_duplicates=False, # Async mode - deduplication happens later ) @@ -451,10 +451,10 @@ def test_deduplication_performance_no_async(self): testuser.usercontactinfo.save() self._deduplication_performance( - expected_num_queries1=323, - expected_num_async_tasks1=12, - expected_num_queries2=318, - expected_num_async_tasks2=12, + expected_num_queries1=316, + expected_num_async_tasks1=7, + expected_num_queries2=287, + expected_num_async_tasks2=7, ) @override_settings(ENABLE_AUDITLOG=True, AUDITLOG_TYPE="django-pghistory") @@ -471,8 +471,8 @@ def test_deduplication_performance_pghistory_no_async(self): testuser.usercontactinfo.save() self._deduplication_performance( - expected_num_queries1=287, - expected_num_async_tasks1=12, - expected_num_queries2=281, - expected_num_async_tasks2=12, + expected_num_queries1=280, + expected_num_async_tasks1=7, + expected_num_queries2=250, + expected_num_async_tasks2=7, ) diff --git a/unittests/test_utils_deduplication_reopen.py b/unittests/test_utils_deduplication_reopen.py index a7e72ede118..2981222d591 100644 --- a/unittests/test_utils_deduplication_reopen.py +++ b/unittests/test_utils_deduplication_reopen.py @@ -1,9 +1,9 @@ import datetime import logging +from dojo.finding.deduplication import set_duplicate from dojo.management.commands.fix_loop_duplicates import fix_loop_duplicates from dojo.models import Finding, copy_model_util -from dojo.utils import set_duplicate from .dojo_test_case import DojoTestCase From 6e55879f4a187788e3df8c0b2a4998d229d728a8 Mon Sep 17 00:00:00 2001 
From: sNiXx Date: Fri, 14 Nov 2025 17:34:18 +0000 Subject: [PATCH 47/54] docs: update SonarQube API pull details (#13689) --- .../supported_tools/parsers/api/_index.md | 19 ++++--- .../supported_tools/parsers/api/sonarqube.md | 52 +++++++++++-------- 2 files changed, 44 insertions(+), 27 deletions(-) diff --git a/docs/content/supported_tools/parsers/api/_index.md b/docs/content/supported_tools/parsers/api/_index.md index 14859189003..2cc476beda1 100644 --- a/docs/content/supported_tools/parsers/api/_index.md +++ b/docs/content/supported_tools/parsers/api/_index.md 
@@ -11,14 +11,21 @@ All parsers that use API pull have common basic configuration steps, but with di Follow these steps to set up API importing: +## Tool Configuration + 1. Configure the API authentication details by navigating to `Configuration -> Tool Configuration -> Add Tool Configuration`. Enter a `Name`, selecting the related `Tool Type` and `Authentication Type` "API Key". Paste your credentials - to the proper fields based on definitions below. + into the proper fields based on the selected parser. + +## Product-Level Configuration + +1. Navigate to `Products -> All Products` and select a product from the list. + +2. Click on `Settings` and select `Add API Scan Configuration` -2. In the `Product` settings select `Add API Scan Configuration` and select the - previously added `Tool Configuration`. Provide values based on definitions below. +3. Select the previously added `Tool Configuration` and provide additional values based on the selected parser. -3. After this is done, you can import the findings on the `Product` page through - `Findings -> Import Scan Results`. As the `Scan type`, select the related type, - the API scan configuration from the last step, and click `Import`. +4. After this is done, you can import the findings on the `Product` page through + `Findings -> Import Scan Results`. As the `Scan type`, select the related type + (the `API Scan Configuration` created above) and click `Import`. diff --git a/docs/content/supported_tools/parsers/api/sonarqube.md b/docs/content/supported_tools/parsers/api/sonarqube.md index 2fe14567d6f..3f38e022ebe 100644 --- a/docs/content/supported_tools/parsers/api/sonarqube.md +++ b/docs/content/supported_tools/parsers/api/sonarqube.md 
@@ -2,20 +2,24 @@ title: "SonarQube API Import" toc_hide: true --- -All parsers which using API have common basic configuration step but with different values. Please, [read these steps](../) at first. +All parsers that use API pull have common basic configuration steps, but with different values. Please, [read these steps](../) first. -In `Tool Configuration`, select `Tool Type` to "SonarQube" and `Authentication Type` "API Key". -Note the url must be in the format of `https:///api` +## Tool Configuration + +In `Tool Configuration`, select `Tool Type` "SonarQube" and `Authentication Type` "API Key". +The URL must be in the format of `https:///api` Paste your SonarQube API token in the "API Key" field. -By default the tool will import vulnerabilities issues -and security hotspots only, but additional filters can be setup using the -Extras field separated by commas (e.g. `BUG,VULNERABILITY,CODE_SMELL`). When using -SonarCloud, you must also specify the Organization ID in the Extras field as follows -`OrgID=sonarcloud-organzation-ID`. If also specifying issue type filters, please -seperate the items in the Extras field by a vertical bar as follows -`BUG,VULNERABILITY,CODE_SMELL|OrgID=sonarcloud-organzation-ID` - -In "Add API Scan Configuration" +By default, the tool will import vulnerability issues +and security hotspots only, but additional filters can be applied using the +"Extras" field separated by commas (e.g. `BUG,VULNERABILITY,CODE_SMELL`). When using +SonarCloud, you must also specify the Organization ID in the "Extras" field (e.g. +`OrgID=sonarcloud-organzation-ID`). When also specifying issue type filters, please +separate the items in the "Extras" field by a vertical bar (e.g. +`BUG,VULNERABILITY,CODE_SMELL|OrgID=sonarcloud-organzation-ID`) + +## Product-Level Configuration + +In `Add API Scan Configuration` - `Service key 1` must be the SonarQube project key, which can be found by navigating to a specific project and selecting the value from the url 
@@ -24,23 +28,29 @@ In "Add API Scan Configuration" use the name of the Product as the project key in SonarQube. If you would like to import findings from multiple projects, you can specify multiple keys as separated `API Scan Configuration` in the `Product` settings. -- If using SonarCloud, the orginization ID can be used from step 1, but it - can be overiden by supplying a different orginization ID in the `Service key 2` input field. +- If using SonarCloud, the organization ID can be used from step 1, but it + can be overridden by supplying a different organization ID in the `Service key 2` input field. ## Multiple SonarQube API Configurations -In the import or re-import dialog you can select which `API Scan +In the import or re-import dialog, you can select which `API Scan Configuration` shall be used. If you do not choose any, DefectDojo will use the `API Scan Configuration` of the Product if there is only one defined or the SonarQube `Tool Configuration` if there is only one. -## Multi Branch Scanning +## Multi-Branch Scanning -If using a version of SonarQube with multi branch scanning, the branch tha be scanned can -be supplied in the `branch_tag` fieild at import/re-import time. If the branch does not exist, -a notification will be generated in the alerts table indicating that branch to be imported +If using a version of SonarQube with multi-branch scanning, the branch to be scanned can +be supplied in the `branch_tag` field at import/re-import time. If the branch does not exist, +a notification will be generated in the alerts table, indicating that branch to be imported does not exist. If a branch name is not supplied during import/re-import, the default branch of the SonarQube project will be used. -**Note:**: If `https` is used for the SonarQube, the certificate must be -trusted by the DefectDojo instance. +## Custom Trust + +If you are connecting to SonarQube via HTTPS, the issuer of the certificate that is presented by +SonarQube must be trusted. 
+ +One way of achieving this is by defining the `REQUESTS_CA_BUNDLE` environment variable to point +to a PEM-encoded certificate file in the container (e.g. `REQUESTS_CA_BUNDLE=/app/media/cacerts.pem`). +To ensure the certificate is persisted, the file should be in a mounted volume. \ No newline at end of file From 348a345683a3c3ccff2f06a4db078cae6c7a030f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Nov 2025 17:13:08 -0700 Subject: [PATCH 48/54] chore(deps): bump boto3 from 1.40.72 to 1.40.73 (#13706) Bumps [boto3](https://github.com/boto/boto3) from 1.40.72 to 1.40.73. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.40.72...1.40.73) --- updated-dependencies: - dependency-name: boto3 dependency-version: 1.40.73 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 3dfbf768384..a01fc70956f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -62,7 +62,7 @@ django-ratelimit==4.1.0 argon2-cffi==25.1.0 blackduck==1.1.3 pycurl==7.45.7 # Required for Celery Broker AWS (SQS) support -boto3==1.40.72 # Required for Celery Broker AWS (SQS) support +boto3==1.40.73 # Required for Celery Broker AWS (SQS) support netaddr==1.3.0 vulners==3.1.2 fontawesomefree==6.6.0 From 5e9f1aed2767e2f441520c05447685a00c92c8ca Mon Sep 17 00:00:00 2001 
From: qlimenoque <49155800+qlimenoque@users.noreply.github.com> Date: Sat, 15 Nov 2025 02:15:02 +0200 Subject: [PATCH 49/54] fix(helm): merge extraAnnotations with init job annotations (#13677) * fix(helm): merge extraAnnotations with init job annotations * fix: artifacthub annotation * docs: 2.53 upgrade instructions * docs(helm): update readme * fix: values schema --- docs/content/en/open_source/upgrading/2.53.md | 45 ++++++++++++++++++- helm/defectdojo/Chart.yaml | 6 ++- helm/defectdojo/README.md | 4 +- .../defectdojo/templates/initializer-job.yaml | 6 ++- helm/defectdojo/values.schema.json | 6 +-- helm/defectdojo/values.yaml | 2 +- 6 files changed, 57 insertions(+), 12 deletions(-) diff --git a/docs/content/en/open_source/upgrading/2.53.md b/docs/content/en/open_source/upgrading/2.53.md index b1aad525f26..aa0909a7010 100644 --- a/docs/content/en/open_source/upgrading/2.53.md +++ b/docs/content/en/open_source/upgrading/2.53.md 
@@ -2,9 +2,50 @@ title: 'Upgrading to DefectDojo Version 2.53.x' toc_hide: true weight: -20251103 -description: No special instructions. +description: Helm chart changes for initializer annotations. --- -There are no special instructions for upgrading to 2.53.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.53.0) for the contents of the release. + +## Helm Chart Changes + +This release introduces an important change to the Helm chart configuration for the initializer job. + +### Breaking changes + +#### Initializer Annotation Handling + +- **Renamed initializer annotations**: The `initializer.annotations` field has been renamed to `initializer.podAnnotations` for clarity and consistency with other DefectDojo resources. +- **Merged annotation support**: Global `extraAnnotations` are now automatically merged with the initializer's `podAnnotations` to ensure consistent annotation handling across all resources. + +> The previous implementation did not merge global `extraAnnotations` with the initializer job's pod annotations, causing inconsistencies in annotation management. + +#### Moved values + +The following Helm chart values have been modified in this release: + +- `initializer.annotations` → `initializer.podAnnotations` (applies to Pod template metadata within the Job) + +Note: `initializer.jobAnnotations` affects the Job spec metadata, while `initializer.podAnnotations` affects the Pod template metadata within the Job. + +#### Migration + +If you were using: + +```yaml +initializer: + annotations: + foo: bar +``` + +Update to: + +```yaml +initializer: + podAnnotations: + foo: bar +``` + +Both `extraAnnotations` and `initializer.podAnnotations` will now be properly applied to the initializer pod. ## Reimport updates fields fix_available and fix_version + Reimport will update existing findings `fix_available` and `fix_version` fields based on the incoming scan report. 
diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index 3e3ef73d073..9fbffd20c6b 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "2.53.0-dev" description: A Helm chart for Kubernetes to install DefectDojo name: defectdojo -version: 1.8.2-dev +version: 1.9.0-dev icon: https://defectdojo.com/hubfs/DefectDojo_favicon.png maintainers: - name: madchap @@ -34,4 +34,6 @@ dependencies: # description: Critical bug annotations: artifacthub.io/prerelease: "true" - artifacthub.io/changes: "" + artifacthub.io/changes: | + - kind: fixed + description: extraAnnotations spec doesn't affect initializer job diff --git a/helm/defectdojo/README.md b/helm/defectdojo/README.md index aa468e6bc61..f1a8471f177 100644 --- a/helm/defectdojo/README.md +++ b/helm/defectdojo/README.md @@ -495,7 +495,7 @@ kubectl delete pvc data-defectdojo-redis-0 data-defectdojo-postgresql-0 # General information about chart values -![Version: 1.8.2-dev](https://img.shields.io/badge/Version-1.8.2--dev-informational?style=flat-square) ![AppVersion: 2.53.0-dev](https://img.shields.io/badge/AppVersion-2.53.0--dev-informational?style=flat-square) +![Version: 1.9.0-dev](https://img.shields.io/badge/Version-1.9.0--dev-informational?style=flat-square) ![AppVersion: 2.53.0-dev](https://img.shields.io/badge/AppVersion-2.53.0--dev-informational?style=flat-square) A Helm chart for Kubernetes to install DefectDojo 
@@ -683,7 +683,6 @@ A Helm chart for Kubernetes to install DefectDojo | images.nginx.image.repository | string | `"defectdojo/defectdojo-nginx"` | | | images.nginx.image.tag | string | `""` | If empty, use appVersion. Another possible values are: latest, X.X.X, X.X.X-alpine (where X.X.X is version of DD). For dev builds (only for testing purposes): nightly-dev, nightly-dev-alpine. To see all, check https://hub.docker.com/r/defectdojo/defectdojo-nginx/tags. | | initializer.affinity | object | `{}` | | -| initializer.annotations | object | `{}` | | | initializer.automountServiceAccountToken | bool | `false` | | | initializer.containerSecurityContext | object | `{}` | Container security context for the initializer Job container | | initializer.extraEnv | list | `[]` | Additional environment variables injected to the initializer job pods. | @@ -694,6 +693,7 @@ A Helm chart for Kubernetes to install DefectDojo | initializer.keepSeconds | int | `60` | A positive integer will keep this Job and Pod deployed for the specified number of seconds, after which they will be removed. For all other values, the Job and Pod will remain deployed. | | initializer.labels | object | `{}` | | | initializer.nodeSelector | object | `{}` | | +| initializer.podAnnotations | object | `{}` | | | initializer.podSecurityContext | object | `{}` | Pod security context for the initializer Job | | initializer.resources.limits.cpu | string | `"2000m"` | | | initializer.resources.limits.memory | string | `"512Mi"` | | diff --git a/helm/defectdojo/templates/initializer-job.yaml b/helm/defectdojo/templates/initializer-job.yaml index 43dcd269d8f..15d56d4f7fc 100644 --- a/helm/defectdojo/templates/initializer-job.yaml +++ b/helm/defectdojo/templates/initializer-job.yaml 
@@ -36,9 +36,11 @@ spec: {{- with .Values.initializer.labels }} {{- toYaml . | nindent 8 }} {{- end }} + {{- with mergeOverwrite dict .Values.extraAnnotations .Values.initializer.podAnnotations }} annotations: - {{- with .Values.initializer.annotations }} - {{- toYaml . | nindent 8 }} + {{- range $key, $value := . }} + {{ $key }}: {{ quote $value }} + {{- end }} {{- end }} spec: {{- if .Values.securityContext.enabled }} diff --git a/helm/defectdojo/values.schema.json b/helm/defectdojo/values.schema.json index 29331072e96..57b03199547 100644 --- a/helm/defectdojo/values.schema.json +++ b/helm/defectdojo/values.schema.json @@ -914,9 +914,6 @@ "affinity": { "type": "object" }, - "annotations": { - "type": "object" - }, "automountServiceAccountToken": { "type": "boolean" }, @@ -967,6 +964,9 @@ "nodeSelector": { "type": "object" }, + "podAnnotations": { + "type": "object" + }, "podSecurityContext": { "description": "Pod security context for the initializer Job", "type": "object" diff --git a/helm/defectdojo/values.yaml b/helm/defectdojo/values.yaml index cf04f33bf11..676c10cae8a 100644 --- a/helm/defectdojo/values.yaml +++ b/helm/defectdojo/values.yaml @@ -486,7 +486,7 @@ initializer: run: true automountServiceAccountToken: false jobAnnotations: {} - annotations: {} + podAnnotations: {} labels: {} # -- A positive integer will keep this Job and Pod deployed for the specified number of seconds, after which they will be removed. For all other values, the Job and Pod will remain deployed. keepSeconds: 60 From 67801cf33ebde2ae2323cabb5adbea495b6a8e86 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 14 Nov 2025 22:01:56 -0600 Subject: [PATCH 50/54] chore(deps): update postgres docker tag from 18.0 to v18.1 (docker-compose.yml) (#13704) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
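Review bot: A values file that still sets `initializer.annotations` gets no warning after this rename, because the pod template in the initializer-job.yaml hunk now reads only `.Values.extraAnnotations` and `.Values.initializer.podAnnotations`. The values.schema.json hunks swap the property name, but whether the schema rejects unknown keys is not visible here; if it does not, annotations that operators rely on at admission time would disappear from the initializer pod without an error. I would add a guard at the top of the template, `{{- if hasKey .Values.initializer "annotations" }}{{ fail "initializer.annotations was renamed to initializer.podAnnotations" }}{{- end }}`, so an upgrade with the old key fails instead. A one-line template comment, `{{- /* initializer.podAnnotations win over extraAnnotations on key collision */ -}}`, would also record the precedence that the argument order of `mergeOverwrite` implies. The Job manifest starts before and continues after this hunk.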
diff --git a/docker-compose.yml b/docker-compose.yml index 24832c74e3e..3cc3cfff2da 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -120,7 +120,7 @@ services: source: ./docker/extra_settings target: /app/docker/extra_settings postgres: - image: postgres:18.0-alpine@sha256:48c8ad3a7284b82be4482a52076d47d879fd6fb084a1cbfccbd551f9331b0e40 + image: postgres:18.1-alpine@sha256:db3b1082629f4b3a15390436f64ed4de1676b2e593d8282a50f40e92e20e6a9d environment: POSTGRES_DB: ${DD_DATABASE_NAME:-defectdojo} POSTGRES_USER: ${DD_DATABASE_USER:-defectdojo} From 9a319cec7538b4a7bc9e80a1c925edc78e11eecb Mon Sep 17 00:00:00 2001 From: manuelsommer <47991713+manuel-sommer@users.noreply.github.com> Date: Mon, 17 Nov 2025 02:36:35 +0100 Subject: [PATCH 51/54] :arrow_up: Bump ruff from 0.14.4 to 0.14.5 (#13708) * :arrow_up: Bump ruff from 0.14.4 to 0.14.5 * fix SIM113 --- dojo/tools/nexpose/parser.py | 3 +-- requirements-lint.txt | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/dojo/tools/nexpose/parser.py b/dojo/tools/nexpose/parser.py index 9c03ba8f277..d2a9b28541c 100644 --- a/dojo/tools/nexpose/parser.py +++ b/dojo/tools/nexpose/parser.py @@ -63,7 +63,7 @@ def parse_html_type(self, node): ret += "
  • " + str(node.text).strip() + "
  • " if tag == "orderedlist": i = 1 - for item in list(node): + for i, item in enumerate(node): ret += ( "
      " + str(i) @@ -71,7 +71,6 @@ def parse_html_type(self, node): + self.parse_html_type(item) + "
    " ) - i += 1 if tag == "paragraph": if len(list(node)) > 0: for child in list(node): diff --git a/requirements-lint.txt b/requirements-lint.txt index 0f8390862b8..b810e7bc123 100644 --- a/requirements-lint.txt +++ b/requirements-lint.txt @@ -1 +1 @@ -ruff==0.14.4 +ruff==0.14.5 \ No newline at end of file From 82cbdb727611afc9a05772f3663846b2088851a4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 16 Nov 2025 21:49:44 -0700 Subject: [PATCH 52/54] Update postgres:18.1-alpine Docker digest from 18.1 to 18.1-alpine (docker-compose.yml) (#13711) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 3cc3cfff2da..ada66ba1a57 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -120,7 +120,7 @@ services: source: ./docker/extra_settings target: /app/docker/extra_settings postgres: - image: postgres:18.1-alpine@sha256:db3b1082629f4b3a15390436f64ed4de1676b2e593d8282a50f40e92e20e6a9d + image: postgres:18.1-alpine@sha256:154ea39af68ff30dec041cd1f1b5600009993724c811dbadde54126eb10bedd1 environment: POSTGRES_DB: ${DD_DATABASE_NAME:-defectdojo} POSTGRES_USER: ${DD_DATABASE_USER:-defectdojo} From 461a88576e78270ffe72547043627eeb47855ce4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 16 Nov 2025 21:49:54 -0700 Subject: [PATCH 53/54] Update dependency renovatebot/renovate from 42.5.0 to v42.5.4 (.github/workflows/renovate.yaml) (#13712) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/renovate.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 135113027c0..fc2925921d2 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml 
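Review bot: The `orderedlist` numbering now starts at 0 instead of 1. The first nexpose hunk replaces the manual counter with `for i, item in enumerate(node):`, and `enumerate` counts from 0 by default, while the old code initialised `i = 1` and incremented it after each item (the `i += 1` removed in the second hunk). Use `for i, item in enumerate(node, start=1):` and delete the `i = 1` assignment that remains as a context line, since it is dead once the loop binds `i`. A parser test that renders an `orderedlist` node with two items and checks the emitted numbers would pin the behaviour. `parse_html_type` starts before and continues after both hunks.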
@@ -21,4 +21,4 @@ jobs: uses: suzuki-shunsuke/github-action-renovate-config-validator@c22827f47f4f4a5364bdba19e1fe36907ef1318e # v1.1.1 with: strict: "true" - validator_version: 42.5.0 # renovate: datasource=github-releases depName=renovatebot/renovate + validator_version: 42.5.4 # renovate: datasource=github-releases depName=renovatebot/renovate From ed3719968e44dd211cdfac81f8a347f90181af9e Mon Sep 17 00:00:00 2001 From: DefectDojo release bot Date: Mon, 17 Nov 2025 15:43:08 +0000 Subject: [PATCH 54/54] Update versions in application files --- components/package.json | 2 +- dojo/__init__.py | 2 +- helm/defectdojo/Chart.yaml | 12 ++++-------- helm/defectdojo/README.md | 2 +- 4 files changed, 7 insertions(+), 11 deletions(-) diff --git a/components/package.json b/components/package.json index cd38f67ae36..07c351cf814 100644 --- a/components/package.json +++ b/components/package.json @@ -1,6 +1,6 @@ { "name": "defectdojo", - "version": "2.52.2", + "version": "2.53.0-dev", "license" : "BSD-3-Clause", "private": true, "dependencies": { diff --git a/dojo/__init__.py b/dojo/__init__.py index effca246b4b..75c2142e9d9 100644 --- a/dojo/__init__.py +++ b/dojo/__init__.py @@ -4,6 +4,6 @@ # Django starts so that shared_task will use this app. from .celery import app as celery_app # noqa: F401 -__version__ = "2.52.2" +__version__ = "2.53.0-dev" __url__ = "https://github.com/DefectDojo/django-DefectDojo" __docs__ = "https://documentation.defectdojo.com" diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index 70cb2841277..4b57aec7bec 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "2.52.2" +appVersion: "2.53.0-dev" description: A Helm chart for Kubernetes to install DefectDojo name: defectdojo -version: 1.8.2 +version: 1.8.3-dev icon: https://defectdojo.com/hubfs/DefectDojo_favicon.png maintainers: - name: madchap 
@@ -33,9 +33,5 @@ dependencies: # - kind: security # description: Critical bug annotations: - artifacthub.io/prerelease: "false" - artifacthub.io/changes: | - - kind: changed - description: Location of HELM development hints has been changed - - kind: changed - description: Bump DefectDojo to 2.52.2 + artifacthub.io/prerelease: "true" + artifacthub.io/changes: "" diff --git a/helm/defectdojo/README.md b/helm/defectdojo/README.md index 7e3d8421060..44d294b7ae6 100644 --- a/helm/defectdojo/README.md +++ b/helm/defectdojo/README.md @@ -512,7 +512,7 @@ The HELM schema will be generated for you. # General information about chart values -![Version: 1.8.2](https://img.shields.io/badge/Version-1.8.2-informational?style=flat-square) ![AppVersion: 2.52.2](https://img.shields.io/badge/AppVersion-2.52.2-informational?style=flat-square) +![Version: 1.8.3-dev](https://img.shields.io/badge/Version-1.8.3--dev-informational?style=flat-square) ![AppVersion: 2.53.0-dev](https://img.shields.io/badge/AppVersion-2.53.0--dev-informational?style=flat-square) A Helm chart for Kubernetes to install DefectDojo