diff --git a/.github/workflows/build-docker-images-for-testing.yml b/.github/workflows/build-docker-images-for-testing.yml index 9175b7c2993..052fb5896a7 100644 --- a/.github/workflows/build-docker-images-for-testing.yml +++ b/.github/workflows/build-docker-images-for-testing.yml @@ -40,7 +40,7 @@ jobs: echo $GITHUB_ENV - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false diff --git a/.github/workflows/fetch-oas.yml b/.github/workflows/fetch-oas.yml index 4569439e20a..b74f88b4429 100644 --- a/.github/workflows/fetch-oas.yml +++ b/.github/workflows/fetch-oas.yml @@ -22,7 +22,7 @@ jobs: file-type: [yaml, json] steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: release/${{ env.release_version }} diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml index 91e042f8049..2c383433fd7 100644 --- a/.github/workflows/gh-pages.yml +++ b/.github/workflows/gh-pages.yml @@ -18,13 +18,13 @@ jobs: - name: Setup Hugo uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0 with: - hugo-version: '0.152.1' # renovate: datasource=github-releases depName=gohugoio/hugo + hugo-version: '0.152.2' # renovate: datasource=github-releases depName=gohugoio/hugo extended: true - name: Setup Node uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: - node-version: '24.11.0' # TODO: Renovate helper might not be needed here - needs to be fully tested + node-version: '24.11.1' # TODO: Renovate helper might not be needed here - needs to be fully tested - name: Cache dependencies uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 
@@ -35,7 +35,7 @@ jobs: ${{ runner.os }}-node- - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: submodules: recursive fetch-depth: 0 diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index 140c4f2befd..d1f1bbab941 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -54,7 +54,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 # load docker images from build jobs - name: Load images from artifacts diff --git a/.github/workflows/k8s-tests.yml b/.github/workflows/k8s-tests.yml index 6ad83c848f0..a96dbfa7bee 100644 --- a/.github/workflows/k8s-tests.yml +++ b/.github/workflows/k8s-tests.yml @@ -16,13 +16,13 @@ jobs: # databases, broker and k8s are independent, so we don't need to test each combination # lastest k8s version (https://kubernetes.io/releases/) and the oldest officially supported version # are tested (https://kubernetes.io/releases/) - - k8s: 'v1.34.0' # renovate: datasource=github-releases depName=kubernetes/kubernetes versioning=loose + - k8s: 'v1.34.2' # renovate: datasource=github-releases depName=kubernetes/kubernetes versioning=loose os: debian - - k8s: 'v1.31.13' # renovate: datasource=custom.endoflife-oldest-maintained depName=kubernetes + - k8s: '1.32.10' # renovate: datasource=custom.endoflife-oldest-maintained depName=kubernetes os: debian steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Setup Minikube uses: manusa/actions-setup-minikube@b589f2d61bf96695c546929c72b38563e856059d # v2.14.0 
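Review bot: The oldest-supported matrix entry in the k8s-tests.yml hunk changes format as well as version: `'v1.31.13'` becomes `'1.32.10'` without the leading `v`, while the entry above it stays `'v1.34.2'`. The step that consumes `matrix.k8s` is outside this hunk, so whether it accepts both spellings cannot be confirmed from here; if it expects the tag form, the job could fail or resolve a different version than intended. I would keep the two entries consistent, `- k8s: 'v1.32.10'`, or make the custom endoflife datasource emit the prefix so the next Renovate update does not drop it again.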
@@ -73,8 +73,8 @@ jobs: --set images.nginx.image.tag=latest \ --set imagePullPolicy=Never \ --set initializer.keepSeconds="-1" \ - --set redis.enabled=true \ - --set createRedisSecret=true \ + --set valkey.enabled=true \ + --set createValkeySecret=true \ --set postgresql.enabled=true \ --set createPostgresqlSecret=true \ --set createSecret=true diff --git a/.github/workflows/release-1-create-pr.yml b/.github/workflows/release-1-create-pr.yml index 7d3f9bb64a0..2c0cd53c786 100644 --- a/.github/workflows/release-1-create-pr.yml +++ b/.github/workflows/release-1-create-pr.yml @@ -40,7 +40,7 @@ jobs: run: echo "GITHUB_ORG=${GITHUB_REPOSITORY%%/*}" >> $GITHUB_ENV - name: Checkout from_branch branch - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: ${{ inputs.from_branch }} @@ -58,7 +58,7 @@ jobs: run: git push origin HEAD:${NEW_BRANCH} - name: Checkout release branch - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: ${{ env.NEW_BRANCH }} diff --git a/.github/workflows/release-2-tag-docker-push.yml b/.github/workflows/release-2-tag-docker-push.yml index 5cd3fe3a4d8..dd3369eadd1 100644 --- a/.github/workflows/release-2-tag-docker-push.yml +++ b/.github/workflows/release-2-tag-docker-push.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: master diff --git a/.github/workflows/release-3-master-into-dev.yml b/.github/workflows/release-3-master-into-dev.yml index 15674b5af40..708b9f31c44 100644 --- a/.github/workflows/release-3-master-into-dev.yml +++ b/.github/workflows/release-3-master-into-dev.yml 
@@ -23,7 +23,7 @@ jobs: run: echo "GITHUB_ORG=${GITHUB_REPOSITORY%%/*}" >> $GITHUB_ENV - name: Checkout master - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: master @@ -40,7 +40,7 @@ jobs: run: git push origin HEAD:${NEW_BRANCH} - name: Checkout new branch - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: ${{ env.NEW_BRANCH }} @@ -115,7 +115,7 @@ jobs: run: echo "GITHUB_ORG=${GITHUB_REPOSITORY%%/*}" >> $GITHUB_ENV - name: Checkout master - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: master @@ -132,7 +132,7 @@ jobs: run: git push origin HEAD:${NEW_BRANCH} - name: Checkout new branch - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: ${{ env.NEW_BRANCH }} diff --git a/.github/workflows/release-x-manual-docker-containers.yml b/.github/workflows/release-x-manual-docker-containers.yml index eb3c001e680..b376923d5b4 100644 --- a/.github/workflows/release-x-manual-docker-containers.yml +++ b/.github/workflows/release-x-manual-docker-containers.yml @@ -58,7 +58,7 @@ jobs: password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Checkout tag - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: ${{ inputs.release_number }} diff --git a/.github/workflows/release-x-manual-helm-chart.yml b/.github/workflows/release-x-manual-helm-chart.yml index a1105697c7d..719071c68e0 100644 --- a/.github/workflows/release-x-manual-helm-chart.yml +++ b/.github/workflows/release-x-manual-helm-chart.yml 
@@ -43,7 +43,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: ${{ inputs.release_number }} fetch-depth: 0 @@ -77,7 +77,7 @@ jobs: echo "chart_version=$(ls build | cut -d '-' -f 2,3 | sed 's|\.tgz||')" >> $GITHUB_ENV - name: Create release ${{ inputs.release_number }} - uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1 + uses: softprops/action-gh-release@5be0e66d93ac7ed76da52eca8bb058f665c3a5fe # v2.4.2 with: name: '${{ inputs.release_number }} 🌈' tag_name: ${{ inputs.release_number }} diff --git a/.github/workflows/release-x-nightly.yml b/.github/workflows/release-x-nightly.yml index 52eb16d079f..9ce48ef4254 100644 --- a/.github/workflows/release-x-nightly.yml +++ b/.github/workflows/release-x-nightly.yml @@ -39,7 +39,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: ${{ inputs.branch-to-build }} diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 4639ecea596..fdb4ae1b5fd 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false @@ -21,4 +21,4 @@ jobs: uses: suzuki-shunsuke/github-action-renovate-config-validator@c22827f47f4f4a5364bdba19e1fe36907ef1318e # v1.1.1 with: strict: "true" - validator_version: 41.168.0 # renovate: datasource=github-releases depName=renovatebot/renovate + validator_version: 42.27.0 # renovate: datasource=github-releases depName=renovatebot/renovate 
diff --git a/.github/workflows/rest-framework-tests.yml b/.github/workflows/rest-framework-tests.yml index 23aa9a0af0c..591f9cabf27 100644 --- a/.github/workflows/rest-framework-tests.yml +++ b/.github/workflows/rest-framework-tests.yml @@ -30,7 +30,7 @@ jobs: echo $GITHUB_ENV - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false diff --git a/.github/workflows/ruff.yml b/.github/workflows/ruff.yml index 72db9fb9b2a..58a56dc5aa0 100644 --- a/.github/workflows/ruff.yml +++ b/.github/workflows/ruff.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Install Ruff Linter run: pip install -r requirements-lint.txt diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 99a51ddcf6d..cb53b4b76ad 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -8,7 +8,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Run ShellCheck uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0 diff --git a/.github/workflows/test-helm-chart.yml b/.github/workflows/test-helm-chart.yml index 8fa56ea0ba9..e448160859f 100644 --- a/.github/workflows/test-helm-chart.yml +++ b/.github/workflows/test-helm-chart.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false fetch-depth: 0 
@@ -22,7 +22,7 @@ jobs: - name: Set up Helm uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1 - - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 + - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 with: python-version: 3.14 # Renovate helper is not needed here @@ -32,9 +32,9 @@ jobs: helm dependency update ./helm/defectdojo - name: Set up chart-testing - uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0 + uses: helm/chart-testing-action@6ec842c01de15ebb84c8627d2744a0c2f2755c9f # v2.8.0 with: - yamale_version: 6.0.0 # renovate: datasource=pypi depName=yamale versioning=semver + yamale_version: 6.1.0 # renovate: datasource=pypi depName=yamale versioning=semver yamllint_version: 1.37.1 # renovate: datasource=pypi depName=yamllint versioning=semver - name: Determine target branch @@ -106,7 +106,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} @@ -114,7 +114,12 @@ jobs: - name: Update values in HELM chart if: startsWith(github.head_ref, 'renovate/') || startsWith(github.head_ref, 'dependabot/') run: | - yq -i '.annotations."artifacthub.io/changes" += "- kind: changed\n description: ${{ github.event.pull_request.title }}\n"' helm/defectdojo/Chart.yaml + title=${{ github.event.pull_request.title }} + chars='{}:[],&*#?|-<>=!%@' + for c in $(echo "$chars" | grep -o .); do + title="${title//"$c"/_}" + done + yq -i '.annotations."artifacthub.io/changes" += "- kind: changed\n description: $title\n"' helm/defectdojo/Chart.yaml git add helm/defectdojo/Chart.yaml git commit -m "ci: update Chart annotations from PR #${{ github.event.pull_request.number }}" || echo "No changes to commit" 
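Review bot: In the `Update values in HELM chart` hunk of test-helm-chart.yml, `title=${{ github.event.pull_request.title }}` pastes the pull-request title into the script text before the shell parses it, unquoted, so a title containing a space or shell metacharacters is interpreted as shell syntax rather than stored as data; the character-replacement loop runs too late to help. The title is contributor-controlled and the step's only gate is the `renovate/` or `dependabot/` prefix of `github.head_ref`, so it should be passed through `env:` and read as `"$PR_TITLE"`. Separately, `$title` sits inside the single-quoted yq program and is never expanded by the shell, so the annotation would presumably receive the literal text `$title`; reading the value with yq's `strenv()` fixes that. The loop's unquoted `$(echo "$chars" | grep -o .)` also glob-expands `*` and `?` against the working directory, which `set -f` around the loop avoids. The step continues past the end of the hunk.

```yaml
      - name: Update values in HELM chart
        # … unchanged: if: head_ref starts with renovate/ or dependabot/ …
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          title="$PR_TITLE"
          set -f  # keep * and ? in the list below from being glob-expanded
          # … unchanged: chars=… and the replacement loop …
          set +f
          title="$title" yq -i '.annotations."artifacthub.io/changes" += ("- kind: changed\n description: " + strenv(title) + "\n")' helm/defectdojo/Chart.yaml
          # … unchanged: git add / git commit …
```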
@@ -142,7 +147,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Generate values schema json uses: losisin/helm-values-schema-json-action@660c441a4a507436a294fc55227e1df54aca5407 # v2.3.1 @@ -162,7 +167,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false fetch-depth: 0 @@ -184,7 +189,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Run ah lint working-directory: ./helm/defectdojo run: |- diff --git a/.github/workflows/update-sample-data.yml b/.github/workflows/update-sample-data.yml index 14f453cadc0..e208e57a46a 100644 --- a/.github/workflows/update-sample-data.yml +++ b/.github/workflows/update-sample-data.yml @@ -16,7 +16,7 @@ jobs: steps: # Checkout the repository - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: ${{ github.ref_name || 'dev'}} @@ -43,7 +43,7 @@ jobs: git push --set-upstream origin $(git rev-parse --abbrev-ref HEAD) - name: Create Pull Request - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 + uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: "Update sample data" diff --git a/.github/workflows/validate_docs_build.yml b/.github/workflows/validate_docs_build.yml index 01e2371bec3..f83d6d189b8 100644 --- a/.github/workflows/validate_docs_build.yml 
+++ b/.github/workflows/validate_docs_build.yml @@ -12,13 +12,13 @@ jobs: - name: Setup Hugo uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0 with: - hugo-version: '0.152.1' # renovate: datasource=github-releases depName=gohugoio/hugo + hugo-version: '0.152.2' # renovate: datasource=github-releases depName=gohugoio/hugo extended: true - name: Setup Node uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: - node-version: '24.11.0' # TODO: Renovate helper might not be needed here - needs to be fully tested + node-version: '24.11.1' # TODO: Renovate helper might not be needed here - needs to be fully tested - name: Cache dependencies uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 @@ -29,7 +29,7 @@ jobs: ${{ runner.os }}-node- - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: submodules: recursive fetch-depth: 0 diff --git a/Dockerfile.integration-tests-debian b/Dockerfile.integration-tests-debian index 06cf3b7c435..2041a086c72 100644 --- a/Dockerfile.integration-tests-debian +++ b/Dockerfile.integration-tests-debian @@ -1,7 +1,7 @@ # code: language=Dockerfile -FROM openapitools/openapi-generator-cli:v7.16.0@sha256:e56372add5e038753fb91aa1bbb470724ef58382fdfc35082bf1b3e079ce353c AS openapitools +FROM openapitools/openapi-generator-cli:v7.17.0@sha256:868b97eb4e5080d2cdfd5b3eeaa4d52e4bbb7c56f14e234b08b0b0bc4f38a78f AS openapitools # currently only supports x64, no arm yet due to chrome and selenium dependencies FROM python:3.13.7-slim-trixie@sha256:5f55cdf0c5d9dc1a415637a5ccc4a9e18663ad203673173b8cda8f8dcacef689 AS build WORKDIR /app diff --git a/Dockerfile.nginx-alpine b/Dockerfile.nginx-alpine index 7c608d08444..aa867828a2f 100644 --- a/Dockerfile.nginx-alpine +++ b/Dockerfile.nginx-alpine 
@@ -63,7 +63,7 @@ COPY dojo/ ./dojo/ # always collect static for debug toolbar as we can't make it dependant on env variables or build arguments without breaking docker layer caching RUN env DD_SECRET_KEY='.' DD_DJANGO_DEBUG_TOOLBAR_ENABLED=True python3 manage.py collectstatic --noinput --verbosity=2 && true -FROM nginx:1.29.2-alpine3.22@sha256:61e01287e546aac28a3f56839c136b31f590273f3b41187a36f46f6a03bbfe22 +FROM nginx:1.29.3-alpine3.22@sha256:b3c656d55d7ad751196f21b7fd2e8d4da9cb430e32f646adcf92441b72f82b14 ARG uid=1001 ARG appuser=defectdojo COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/ diff --git a/components/package.json b/components/package.json index 564f54c63a0..b133070063f 100644 --- a/components/package.json +++ b/components/package.json @@ -1,6 +1,6 @@ { "name": "defectdojo", - "version": "2.52.3", + "version": "2.53.0", "license" : "BSD-3-Clause", "private": true, "dependencies": { @@ -12,7 +12,7 @@ "chosen-bootstrap": "https://github.com/dbtek/chosen-bootstrap", "chosen-js": "^1.8.7", "clipboard": "^2.0.11", - "datatables.net": "^2.3.4", + "datatables.net": "^2.3.5", "datatables.net-buttons-bs": "^3.2.5", "datatables.net-colreorder": "^2.1.2", "drmonty-datatables-plugins": "^1.0.0", diff --git a/components/yarn.lock b/components/yarn.lock index 9df054d62d4..6c1c95ef183 100644 --- a/components/yarn.lock +++ b/components/yarn.lock 
@@ -219,10 +219,10 @@ datatables.net@2.3.2: dependencies: jquery ">=1.7" -datatables.net@^2, datatables.net@^2.3.4: - version "2.3.4" - resolved "https://registry.yarnpkg.com/datatables.net/-/datatables.net-2.3.4.tgz#8cf69f2e6cb8d271be3d5c4f75a479684d20f253" - integrity sha512-fKuRlrBIdpAl2uIFgl9enKecHB41QmFd/2nN9LBbOvItV/JalAxLcyqdZXex7wX4ZXjnJQEnv6xeS9veOpKzSw== +datatables.net@^2, datatables.net@^2.3.5: + version "2.3.5" + resolved "https://registry.yarnpkg.com/datatables.net/-/datatables.net-2.3.5.tgz#a35cc1209edb7525ea68ebc3e7d3af6e3f30a758" + integrity sha512-Qrwc+vuw8GHo42u1usWTuriNAMW0VvLPSW3j8g3GxvatiD8wS/ZGW32VAYLLfmF4Hz0C/fo2KB3xZBfcpqqVTQ== dependencies: jquery ">=1.7" diff --git a/docker-compose.override.dev.yml b/docker-compose.override.dev.yml index 65b39e350ec..bc31139a352 100644 --- a/docker-compose.override.dev.yml +++ b/docker-compose.override.dev.yml @@ -60,4 +60,4 @@ services: protocol: tcp mode: host "webhook.endpoint": - image: mccutchen/go-httpbin:2.18.3@sha256:3992f3763e9ce5a4307eae0a869a78b4df3931dc8feba74ab823dd2444af6a6b + image: mccutchen/go-httpbin:2.19.0@sha256:be41c6c3772393c097e15f9f8ac381de4ce9e9841c545556af98fbe2e707c619 diff --git a/docker-compose.override.unit_tests_cicd.yml b/docker-compose.override.unit_tests_cicd.yml index 0acd340ce4c..1151d43600a 100644 --- a/docker-compose.override.unit_tests_cicd.yml +++ b/docker-compose.override.unit_tests_cicd.yml @@ -13,7 +13,7 @@ services: condition: service_started environment: PYTHONWARNINGS: error # We are strict about Warnings during testing - DD_DEBUG: 'True' + DD_DEBUG: 'False' DD_LOG_LEVEL: 'ERROR' DD_TEST_DATABASE_NAME: ${DD_TEST_DATABASE_NAME:-test_defectdojo} DD_DATABASE_NAME: ${DD_TEST_DATABASE_NAME:-test_defectdojo} diff --git a/docker-compose.yml b/docker-compose.yml index 24832c74e3e..ada66ba1a57 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -120,7 +120,7 @@ services: source: ./docker/extra_settings target: /app/docker/extra_settings postgres: - image: postgres:18.0-alpine@sha256:48c8ad3a7284b82be4482a52076d47d879fd6fb084a1cbfccbd551f9331b0e40 + image: postgres:18.1-alpine@sha256:154ea39af68ff30dec041cd1f1b5600009993724c811dbadde54126eb10bedd1 environment: POSTGRES_DB: ${DD_DATABASE_NAME:-defectdojo} POSTGRES_USER: ${DD_DATABASE_USER:-defectdojo} diff --git a/docker/entrypoint-unit-tests.sh b/docker/entrypoint-unit-tests.sh index 21e9465fc48..bc1ddaea7ea 100755 --- a/docker/entrypoint-unit-tests.sh +++ b/docker/entrypoint-unit-tests.sh @@ -80,16 +80,16 @@ echo "Unit Tests" echo "------------------------------------------------------------" # Removing parallel and shuffle for now to maintain stability -python3 manage.py test unittests -v 3 --keepdb --no-input --exclude-tag="non-parallel" --exclude-tag="transactional" || { +python3 manage.py test unittests --keepdb --no-input --exclude-tag="non-parallel" --exclude-tag="transactional" || { exit 1; } -python3 manage.py test unittests -v 3 --keepdb --no-input --tag="non-parallel" || { +python3 manage.py test unittests --keepdb --no-input --tag="non-parallel" || { exit 1; } # Running one unit tests that inherits from TransactionTestCase somehow changes the behaviour of how Django loads fixtures into the database. # Meaning any test after this one would fail to load our dojo_testdata.json fixture. In a way this makes sense as it contains some data integrity problems. # I tried to fix these in https://github.com/DefectDojo/django-DefectDojo/pull/13217. # For now here we run the only TranscationTestCase at the end to avoid the problem. -python3 manage.py test unittests -v 3 --keepdb --no-input --tag="transactional" || { +python3 manage.py test unittests --keepdb --no-input --tag="transactional" || { exit 1; } diff --git a/docker/entrypoint-uwsgi.sh b/docker/entrypoint-uwsgi.sh index f15f2b49958..0628ab3390a 100755 --- a/docker/entrypoint-uwsgi.sh 
+++ b/docker/entrypoint-uwsgi.sh @@ -27,9 +27,9 @@ python3 manage.py check DD_UWSGI_LOGFORMAT_DEFAULT='[pid: %(pid)|app: -|req: -/-] %(addr) (%(dd_user)) {%(vars) vars in %(pktsize) bytes} [%(ctime)] %(method) %(uri) => generated %(rsize) bytes in %(msecs) msecs (%(proto) %(status)) %(headers) headers in %(hsize) bytes (%(switches) switches on core %(core))' -EXTRA_ARGS="" +DD_UWSGI_EXTRA_ARGS="${DD_UWSGI_EXTRA_ARGS:-}" if [ -n "${DD_UWSGI_MAX_FD}" ]; then - EXTRA_ARGS="${EXTRA_ARGS} --max-fd ${DD_UWSGI_MAX_FD}" + DD_UWSGI_EXTRA_ARGS="${DD_UWSGI_EXTRA_ARGS} --max-fd ${DD_UWSGI_MAX_FD}" fi exec uwsgi \ @@ -42,5 +42,5 @@ exec uwsgi \ --buffer-size="${DD_UWSGI_BUFFER_SIZE:-8192}" \ --http 0.0.0.0:8081 --http-to "${DD_UWSGI_ENDPOINT}" \ --logformat "${DD_UWSGI_LOGFORMAT:-$DD_UWSGI_LOGFORMAT_DEFAULT}" \ - $EXTRA_ARGS + $DD_UWSGI_EXTRA_ARGS # HTTP endpoint is enabled for Kubernetes liveness checks. It should not be exposed as a service. diff --git a/docs/content/en/connecting_your_tools/import_scan_files/using_reimport.md b/docs/content/en/connecting_your_tools/import_scan_files/using_reimport.md index 8645d3ba184..c702099f7bc 100644 --- a/docs/content/en/connecting_your_tools/import_scan_files/using_reimport.md +++ b/docs/content/en/connecting_your_tools/import_scan_files/using_reimport.md 
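Review bot: `DD_UWSGI_EXTRA_ARGS` is now taken from the container environment and, in the second hunk, expanded unquoted as the last argument of `exec uwsgi`, so its content is word-split, glob-expanded and handed to uwsgi as arbitrary extra options. Nothing in either hunk documents that contract; I would add a comment above the assignment, `# DD_UWSGI_EXTRA_ARGS: raw uwsgi flags supplied by the operator; split on whitespace, so values containing spaces are not supported`, and put `set -f` before the `exec` so a `*` or `?` in a value is not expanded against the working directory. Because uwsgi options can change what the server listens on and what it runs, the variable belongs with the settings that only the deployment owner can change, and the docs for it should say so. The start of the script and the beginning of the `exec uwsgi` command are outside the hunks.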
@@ -32,6 +32,10 @@ Any vulnerabilities which were not contained in the previous import will be adde If any incoming Findings match Findings that already exist, the incoming Findings will be discarded rather than recorded as Duplicates. These Findings have been recorded already \- no need to add a new Finding object. The Test page will show these Findings as **Left Untouched**. +### Fields fix_available and fix_version + +If any incoming Findings match Findings that already exist, the incoming Finding is checked if the fields `fix_available` and `fix_version` differ and are updated if yes. These Findings have been recorded already \- no need to add a new Finding object. The Test page will show these Findings as **Left Untouched**. + ### Close Findings If there are any Findings that already exist in the Test but which are not present in the incoming report, you can choose to automatically set those Findings to Inactive and Mitigated (on the assumption that those vulnerabilities have been resolved since the previous import). The Test page will show these Findings as **Closed**. diff --git a/docs/content/en/connecting_your_tools/parsers/file/openreports.md b/docs/content/en/connecting_your_tools/parsers/file/openreports.md new file mode 100644 index 00000000000..c3ec62d9a42 --- /dev/null +++ b/docs/content/en/connecting_your_tools/parsers/file/openreports.md 
@@ -0,0 +1,136 @@ +--- +title: "OpenReports" +toc_hide: true +--- + +Import vulnerability scan reports formatted as [OpenReports](https://github.com/openreports/reports-api). + +OpenReports is a Kubernetes-native reporting framework that aggregates vulnerability scan results and compliance checks from various security tools into a unified format. It provides a standardized API for collecting and reporting security findings across your Kubernetes infrastructure. + +### File Types + +DefectDojo parser accepts a .json file. + +### Exporting Reports from Kubernetes + +To export OpenReports from your Kubernetes cluster, use kubectl: + +```bash +kubectl get reports -A -ojson > reports.json +``` + +This command retrieves all Report objects from all namespaces and saves them in JSON format. You can then import the `reports.json` file into DefectDojo. + +To export reports from a specific namespace: + +```bash +kubectl get reports -n -ojson > reports.json +``` + +### Report Formats + +The parser supports multiple input formats: + +- Single Report object +- Array of Report objects +- Kubernetes List object containing Report items + +### Sample Scan Data + +Sample OpenReports scans can be found in the [unittests/scans/openreports directory](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/openreports). 
+ +### Supported Fields + +The parser extracts the following information from OpenReports JSON: + +- **Metadata**: Report name, namespace, UID for stable deduplication +- **Scope**: Kubernetes resource information (kind, name, namespace) +- **Results**: Individual security findings with: + - Message and description + - Policy ID (e.g., CVE identifiers) + - Severity (critical, high, medium, low, info) + - Category (e.g., "vulnerability scan", "compliance check") + - Source scanner information + - Package details (name, installed version, fixed version) + - References and URLs + +### Severity Mapping + +OpenReports severity levels are mapped to DefectDojo as follows: + +| OpenReports Severity | DefectDojo Severity | +|----------------------|---------------------| +| critical | Critical | +| high | High | +| medium | Medium | +| low | Low | +| info | Info | + +### Result Status Mapping + +The `result` field in OpenReports is mapped to DefectDojo finding status: + +| OpenReports Result | Active | Verified | Description | +|--------------------|--------|----------|------------------------------------------------| +| fail | True | True | Finding requires attention | +| warn | True | True | Warning-level finding | +| pass | False | False | Check passed, no vulnerability found | +| skip | False | False | Check was skipped | + +### Features + +**CVE Tracking**: Findings with CVE policy IDs are automatically tagged with vulnerability identifiers. + +**Fix Availability**: The parser automatically sets the `fix_available` flag when a fixed version is provided. + +**Service Mapping**: Findings are mapped to services based on Kubernetes scope (namespace/kind/name). + +**Stable Deduplication**: Uses report UID from metadata for consistent deduplication across reimports. + +**Tagging**: Findings are automatically tagged with category, source scanner, and Kubernetes resource kind. 
+ +### Example JSON Format + +```json +{ + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "name": "deployment-test-app-630fc", + "namespace": "test", + "uid": "b1fcca57-2efd-44d3-89e9-949e29b61936" + }, + "scope": { + "kind": "Deployment", + "name": "test-app" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + } + ] +} +``` + +### Default Deduplication Hashcode Fields + +By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/): + +- unique_id_from_tool (format: `report_uid:policy:package_name`) +- title +- severity +- vulnerability ids (for CVE findings) +- description + +The parser uses the report UID from metadata to create a stable `unique_id_from_tool` that persists across reimports. diff --git a/docs/content/en/customize_dojo/user_management/configure_sso.md b/docs/content/en/customize_dojo/user_management/configure_sso.md index b66fa08dbf7..da6c9ca5f33 100644 --- a/docs/content/en/customize_dojo/user_management/configure_sso.md +++ b/docs/content/en/customize_dojo/user_management/configure_sso.md 
@@ -511,7 +511,7 @@ If during the login process you get the following error: *The in the client app settings.* and the `redirect_uri` HTTP GET parameter starts with `http://` instead of `https://` you need to add -`SOCIAL_AUTH_REDIRECT_IS_HTTPS = True` to Docker environment variables, or to your `local_settings.py` file. +`DD_SOCIAL_AUTH_REDIRECT_IS_HTTPS = True` to Docker Compose environment variables, or `SOCIAL_AUTH_REDIRECT_IS_HTTPS` to your `local_settings.py` file. 2. Restart DefectDojo, and 'Login With Okta' should appear on the login screen. diff --git a/docs/content/en/open_source/installation/running-in-production.md b/docs/content/en/open_source/installation/running-in-production.md index e060d1e212c..30404e74046 100644 --- a/docs/content/en/open_source/installation/running-in-production.md +++ b/docs/content/en/open_source/installation/running-in-production.md @@ -53,7 +53,7 @@ Media files for uploaded files, including threat models and risk acceptance, are ### uWSGI By default (except in `ptvsd` mode for debug purposes), uWSGI will -handle 4 concurrent connections. +handle 16 concurrent connections. Based on your resource settings, you can tweak: diff --git a/docs/content/en/open_source/upgrading/2.53.md b/docs/content/en/open_source/upgrading/2.53.md new file mode 100644 index 00000000000..b6970b87fc9 --- /dev/null +++ b/docs/content/en/open_source/upgrading/2.53.md 
@@ -0,0 +1,92 @@ +--- +title: 'Upgrading to DefectDojo Version 2.53.x' +toc_hide: true +weight: -20251103 +description: "Helm chart: changes for initializer annotations + Replaced Redis with Valkey + HPA & PDB support" +--- + +## Helm Chart Changes + +- This release introduces an important change to the Helm chart configuration for the initializer job. +- DefectDojo `2.52.0` replaced Redis with Valkey in `docker-compose` deployment. DefectDojo `2.53.0` (chart `1.9.0`) is replacing it in HELM charts. +- Add support for HPA and PDB + +#### HPA & PDA + +Added Helm chart support for Celery and Django deployments for Horizontal Pod Autoscaler using `.autoscaling` fields under each section. And Pod Disruption Budget using `.podDisruptionBudget` for any of Celery Beat/Worker or Django deploy + +### Breaking changes + +#### Valkey + +##### Renamed values + +HELM values had been changed to the following: +- `createRedisSecret` → `createValkeySecret` +- `redis.enabled` → `valkey.enabled` +- `redis.auth.existingSecret` → `valkey.auth.existingSecret`, plus value is pointing to secret `defectdojo-valkey-specific` now +- `redis.auth.existingSecretPasswordKey` → `valkey.auth.existingSecretPasswordKey`, plus value is pointing to secret `valkey-password` now +- `redis.auth.password` → `valkey.auth.password` +- `redis.master.service.ports.redis` → `valkey.service.port` +- `redis.sentinel...` → `valkey.sentinel...` +- `redis.tls...` → `valkey.tls...` + +The whole subchart is based on [`cloudpirates-valkey`](https://artifacthub.io/packages/helm/cloudpirates-valkey/valkey), so all additional values can be found there. + +If an external Redis instance is being used, set the parameter `valkey.enabled` to `False`. The parameters `redisServer` and `redisParams` remain available and function as before. Additionally, `redisScheme` and `redisPort` have been introduced to accommodate users requiring these configurations. + +##### How to migrate to Valkey + +0. 
As always, perform a backup of your instance +1. If you would like to be 100% sure that you do not miss any async event (triggered deduplication, email notification, ...) it is recommended to perform the following substeps (if your system is not in production and/or you are willing to miss some notifications or postpone deduplication to a later time, feel free to skip these substeps) + 0. Perform the following steps with your previous version of HELM chart (not with the upgraded one - you might lose your data) + 1. Downscale all producers of async tasks: + - Set `django.replicas` to 0 (if you used HPA, adjust it based on your needs) + - Set `celery.beat.replicas` to 0 (if you used HPA, adjust it based on your needs) + - Do not change `celery.worker.replicas` (they are responsible for processing your async tasks) + 2. Wait until the processing queue is empty (choose one of the following methods): + - ``kubectl exec statefulset/defectdojo-redis-master -c redis -- redis-cli -a `kubectl get secret defectdojo-redis-specific -o go-template='{{index .data "redis-password" | base64decode}}'` llen celery`` -- should output 0 (if your HELM chart used a different name, adjust the command based on your environment) + - `kubectl logs deployment/defectdojo-celery-worker -c celery --all-pods=true --follow` -- should stop outputting new task logs +2. Replace values based on the _Renamed values_ part, update the chart version, and set the number of replicas back. Be aware that Valkey is using a password from the new location, and if you use `createRedisSecret`/`createValkeySecret` password will be regenerated. If you stored this password somewhere else, it will not be valid anymore. +3. Enjoy DefectDojo + +#### Initializer Annotation Handling + +- **Renamed initializer annotations**: The `initializer.annotations` field has been renamed to `initializer.podAnnotations` for clarity and consistency with other DefectDojo resources. 
+- **Merged annotation support**: Global `extraAnnotations` are now automatically merged with the initializer's `podAnnotations` to ensure consistent annotation handling across all resources. + +> The previous implementation did not merge global `extraAnnotations` with the initializer job's pod annotations, causing inconsistencies in annotation management. + +##### Moved values + +The following Helm chart values have been modified in this release: + +- `initializer.annotations` → `initializer.podAnnotations` (applies to Pod template metadata within the Job) + +Note: `initializer.jobAnnotations` affects the Job spec metadata, while `initializer.podAnnotations` affects the Pod template metadata within the Job. + +##### Migration + +If you were using: + +```yaml +initializer: + annotations: + foo: bar +``` + +Update to: + +```yaml +initializer: + podAnnotations: + foo: bar +``` + +Both `extraAnnotations` and `initializer.podAnnotations` will now be properly applied to the initializer pod. + +## Reimport updates fields fix_available and fix_version + +Reimport will update existing findings `fix_available` and `fix_version` fields based on the incoming scan report. + +There are no other special instructions for upgrading to 2.53.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.53.0) for the contents of the release. diff --git a/docs/content/en/share_your_findings/troubleshooting_jira.md b/docs/content/en/share_your_findings/troubleshooting_jira.md index aecdb8f1bcf..2b671b9e12d 100644 --- a/docs/content/en/share_your_findings/troubleshooting_jira.md +++ b/docs/content/en/share_your_findings/troubleshooting_jira.md 
@@ -101,6 +101,34 @@ To correct this issue, you can add the 'Epic Name' field to your Project's issue ![image](images/epic_name_error.png) +## Configuring JIRA Connection Retries and Timeouts + +DefectDojo's JIRA integration includes configurable retry and timeout settings to handle rate limiting and connection issues. These settings are important for maintaining system responsiveness, especially when using Celery workers. + +### Available Configuration Variables + +The following environment variables control JIRA connection behavior: + +- **`DD_JIRA_MAX_RETRIES`** (default: `3`): Maximum number of retry attempts for recoverable errors. The integration will automatically retry on HTTP 429 (Too Many Requests), HTTP 503 (Service Unavailable), and connection errors. See the [JIRA rate limiting documentation](https://developer.atlassian.com/cloud/jira/platform/rate-limiting/) for more information. + +- **`DD_JIRA_CONNECT_TIMEOUT`** (default: `10` seconds): Connection timeout for establishing a connection to the JIRA server. + +- **`DD_JIRA_READ_TIMEOUT`** (default: `30` seconds): Read timeout for waiting for a response from the JIRA server after the connection is established. + +**Note on Rate Limiting**: The jira library has a built-in maximum wait time of 60 seconds for rate limiting retries. If JIRA's `Retry-After` header indicates a wait time longer than 60 seconds, the request will fail and not be retried. This is a limitation of the jira library version currently in use. + +### Why Conservative Values Matter + +**Important**: It is recommended to use conservative (lower) values for these settings. Here's why: + +1. **Celery Task Blocking**: JIRA operations in DefectDojo run as asynchronous Celery tasks. When a task is waiting for a retry delay, it blocks that Celery worker from processing other tasks. + +2. 
**Worker Pool Exhaustion**: If multiple JIRA operations are retrying with long delays, you can quickly exhaust your Celery worker pool, causing other tasks (not just JIRA-related) to queue up and wait. + +3. **System Responsiveness**: Long retry delays can make the system appear unresponsive, especially during JIRA outages or rate limiting events. + +JIRA Rate limiting is new, so please let us know on Slack or GitHub what works best for you. + ## Jira and DefectDojo are out of sync Sometimes Jira is down, or DefectDojo is down, or there was bug in a webhook. In this case, Jira can become out of sync with DefectDojo. If this is the case for lots of issues, manual reconciliation might not be feasible. For this scenario there is the management command 'jira_status_reconciliation'. diff --git a/docs/content/supported_tools/parsers/api/_index.md b/docs/content/supported_tools/parsers/api/_index.md index 14859189003..2cc476beda1 100644 --- a/docs/content/supported_tools/parsers/api/_index.md +++ b/docs/content/supported_tools/parsers/api/_index.md 
@@ -11,14 +11,21 @@ All parsers that use API pull have common basic configuration steps, but with di Follow these steps to set up API importing: +## Tool Configuration + 1. Configure the API authentication details by navigating to `Configuration -> Tool Configuration -> Add Tool Configuration`. Enter a `Name`, selecting the related `Tool Type` and `Authentication Type` "API Key". Paste your credentials - to the proper fields based on definitions below. + into the proper fields based on the selected parser. + +## Product-Level Configuration + +1. Navigate to `Products -> All Products` and select a product from the list. + +2. Click on `Settings` and select `Add API Scan Configuration` -2. In the `Product` settings select `Add API Scan Configuration` and select the - previously added `Tool Configuration`. Provide values based on definitions below. +3. Select the previously added `Tool Configuration` and provide additional values based on the selected parser. -3. After this is done, you can import the findings on the `Product` page through - `Findings -> Import Scan Results`. As the `Scan type`, select the related type, - the API scan configuration from the last step, and click `Import`. +4. After this is done, you can import the findings on the `Product` page through + `Findings -> Import Scan Results`. As the `Scan type`, select the related type + (the `API Scan Configuration` created above) and click `Import`. diff --git a/docs/content/supported_tools/parsers/api/sonarqube.md b/docs/content/supported_tools/parsers/api/sonarqube.md index 2fe14567d6f..3f38e022ebe 100644 --- a/docs/content/supported_tools/parsers/api/sonarqube.md +++ b/docs/content/supported_tools/parsers/api/sonarqube.md 
@@ -2,20 +2,24 @@ title: "SonarQube API Import" toc_hide: true --- -All parsers which using API have common basic configuration step but with different values. Please, [read these steps](../) at first. +All parsers that use API pull have common basic configuration steps, but with different values. Please, [read these steps](../) first. -In `Tool Configuration`, select `Tool Type` to "SonarQube" and `Authentication Type` "API Key". -Note the url must be in the format of `https:///api` +## Tool Configuration + +In `Tool Configuration`, select `Tool Type` "SonarQube" and `Authentication Type` "API Key". +The URL must be in the format of `https:///api` Paste your SonarQube API token in the "API Key" field. -By default the tool will import vulnerabilities issues -and security hotspots only, but additional filters can be setup using the -Extras field separated by commas (e.g. `BUG,VULNERABILITY,CODE_SMELL`). When using -SonarCloud, you must also specify the Organization ID in the Extras field as follows -`OrgID=sonarcloud-organzation-ID`. If also specifying issue type filters, please -seperate the items in the Extras field by a vertical bar as follows -`BUG,VULNERABILITY,CODE_SMELL|OrgID=sonarcloud-organzation-ID` - -In "Add API Scan Configuration" +By default, the tool will import vulnerability issues +and security hotspots only, but additional filters can be applied using the +"Extras" field separated by commas (e.g. `BUG,VULNERABILITY,CODE_SMELL`). When using +SonarCloud, you must also specify the Organization ID in the "Extras" field (e.g. +`OrgID=sonarcloud-organzation-ID`). When also specifying issue type filters, please +separate the items in the "Extras" field by a vertical bar (e.g. +`BUG,VULNERABILITY,CODE_SMELL|OrgID=sonarcloud-organzation-ID`) + +## Product-Level Configuration + +In `Add API Scan Configuration` - `Service key 1` must be the SonarQube project key, which can be found by navigating to a specific project and selecting the value from the url 
@@ -24,23 +28,29 @@ In "Add API Scan Configuration" use the name of the Product as the project key in SonarQube. If you would like to import findings from multiple projects, you can specify multiple keys as separated `API Scan Configuration` in the `Product` settings. -- If using SonarCloud, the orginization ID can be used from step 1, but it - can be overiden by supplying a different orginization ID in the `Service key 2` input field. +- If using SonarCloud, the organization ID can be used from step 1, but it + can be overridden by supplying a different organization ID in the `Service key 2` input field. ## Multiple SonarQube API Configurations -In the import or re-import dialog you can select which `API Scan +In the import or re-import dialog, you can select which `API Scan Configuration` shall be used. If you do not choose any, DefectDojo will use the `API Scan Configuration` of the Product if there is only one defined or the SonarQube `Tool Configuration` if there is only one. -## Multi Branch Scanning +## Multi-Branch Scanning -If using a version of SonarQube with multi branch scanning, the branch tha be scanned can -be supplied in the `branch_tag` fieild at import/re-import time. If the branch does not exist, -a notification will be generated in the alerts table indicating that branch to be imported +If using a version of SonarQube with multi-branch scanning, the branch to be scanned can +be supplied in the `branch_tag` field at import/re-import time. If the branch does not exist, +a notification will be generated in the alerts table, indicating that branch to be imported does not exist. If a branch name is not supplied during import/re-import, the default branch of the SonarQube project will be used. -**Note:**: If `https` is used for the SonarQube, the certificate must be -trusted by the DefectDojo instance. +## Custom Trust + +If you are connecting to SonarQube via HTTPS, the issuer of the certificate that is presented by +SonarQube must be trusted. 
+ +One way of achieving this is by defining the `REQUESTS_CA_BUNDLE` environment variable to point +to a PEM-encoded certificate file in the container (e.g. `REQUESTS_CA_BUNDLE=/app/media/cacerts.pem`). +To ensure the certificate is persisted, the file should be in a mounted volume. \ No newline at end of file diff --git a/docs/content/supported_tools/parsers/file/n0s1.md b/docs/content/supported_tools/parsers/file/n0s1.md new file mode 100644 index 00000000000..c310a20a505 --- /dev/null +++ b/docs/content/supported_tools/parsers/file/n0s1.md @@ -0,0 +1,18 @@ +--- +title: "n0s1 Scanner" +toc_hide: true +--- + +### File Types +Parser n0s1 expects a JSON file of scanner n0s1. + +### Sample Scan Data +Sample n0s1 scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/n0s1). + +### Link To Tool +See n0s1 on GitHub: https://github.com/spark1security/n0s1 + +### Default Deduplication Hashcode Fields +By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/): + +- description diff --git a/docs/content/supported_tools/parsers/file/openreports.md b/docs/content/supported_tools/parsers/file/openreports.md new file mode 100644 index 00000000000..d19f81c1d4e --- /dev/null +++ b/docs/content/supported_tools/parsers/file/openreports.md 
@@ -0,0 +1,21 @@ +--- +title: "OpenReports" +toc_hide: true +--- +Import JSON reports from [OpenReports](https://github.com/openreports/reports-api). + +### File Types + +DefectDojo parser accepts a .json file. + +OpenReports JSON files can be exported from Kubernetes clusters using kubectl: + +```bash +kubectl get reports -A -ojson > reports.json +``` + +The parser supports single Report objects, arrays of Reports, or Kubernetes List objects. + +### Sample Scan Data + +Sample OpenReports scans can be found in the [unittests/scans/openreports directory](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/openreports). diff --git a/docs/content/supported_tools/parsers/file/zora.md b/docs/content/supported_tools/parsers/file/zora.md new file mode 100644 index 00000000000..3403c082f63 --- /dev/null +++ b/docs/content/supported_tools/parsers/file/zora.md @@ -0,0 +1,9 @@ + +--- +title: "Zora Parser" +toc_hide: true +--- +Zora scan results can be exported from the [Zora platform](https://github.com/undistro/zora) + +### Sample Scan Data +Zora scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/zora). \ No newline at end of file diff --git a/docs/package-lock.json b/docs/package-lock.json index 26c62b5a377..aaf7bf14240 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json @@ -9,8 +9,8 @@ "version": "1.8.0", "license": "MIT", "dependencies": { - "@docsearch/css": "4.2.0", - "@docsearch/js": "4.2.0", + "@docsearch/css": "4.3.2", + "@docsearch/js": "4.3.2", "@tabler/icons": "3.35.0", "@thulite/doks-core": "1.8.3", "@thulite/images": "3.3.3", @@ -19,8 +19,8 @@ "thulite": "2.6.3" }, "devDependencies": { - "prettier": "3.6.2", - "vite": "7.1.11" + "prettier": "3.7.2", + "vite": "7.2.4" }, "engines": { "node": ">=20.11.0" 
@@ -83,6 +83,7 @@ "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.28.4.tgz", "integrity": "sha512-2BCOP7TN8M+gVDj7/ht3hsaO/B/n5oDbiAyyvnRlNOs+u1o+JWNYTQrmpuNp1/Wq2gcFrI01JAW+paEKDMx/CA==", "license": "MIT", + "peer": true, "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.3", @@ -1481,16 +1482,19 @@ } }, "node_modules/@docsearch/css": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/@docsearch/css/-/css-4.2.0.tgz", - "integrity": "sha512-65KU9Fw5fGsPPPlgIghonMcndyx1bszzrDQYLfierN+Ha29yotMHzVS94bPkZS6On9LS8dE4qmW4P/fGjtCf/g==", + "version": "4.3.2", + "resolved": "https://registry.npmjs.org/@docsearch/css/-/css-4.3.2.tgz", + "integrity": "sha512-K3Yhay9MgkBjJJ0WEL5MxnACModX9xuNt3UlQQkDEDZJZ0+aeWKtOkxHNndMRkMBnHdYvQjxkm6mdlneOtU1IQ==", "license": "MIT" }, "node_modules/@docsearch/js": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/@docsearch/js/-/js-4.2.0.tgz", - "integrity": "sha512-KBHVPO29QiGUFJYeAqxW0oXtGf/aghNmRrIRPT4/28JAefqoCkNn/ZM/jeQ7fHjl0KNM6C+KlLVYjwyz6lNZnA==", - "license": "MIT" + "version": "4.3.2", + "resolved": "https://registry.npmjs.org/@docsearch/js/-/js-4.3.2.tgz", + "integrity": "sha512-xdfpPXMgKRY9EW7U1vtY7gLKbLZFa9ed+t0Dacquq8zXBqAlH9HlUf0h4Mhxm0xatsVeMaIR2wr/u6g0GsZyQw==", + "license": "MIT", + "dependencies": { + "htm": "3.1.1" + } }, "node_modules/@esbuild/aix-ppc64": { "version": "0.25.11", @@ -2120,6 +2124,7 @@ "resolved": "https://registry.npmjs.org/@popperjs/core/-/core-2.11.8.tgz", "integrity": "sha512-P1st0aksCrn9sGZhp8GMYwBnQsbvAWsZAX44oXNNvLHGqAOcoVxmjZiohstwQ7SqKnbR47akdNi+uleWD8+g6A==", "license": "MIT", + "peer": true, "funding": { "type": "opencollective", "url": "https://opencollective.com/popperjs" @@ -2726,6 +2731,7 @@ } ], "license": "MIT", + "peer": true, "dependencies": { "baseline-browser-mapping": "^2.8.19", "caniuse-lite": "^1.0.30001751", 
@@ -3318,6 +3324,12 @@ "node": ">= 0.4" } }, + "node_modules/htm": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/htm/-/htm-3.1.1.tgz", + "integrity": "sha512-983Vyg8NwUE7JkZ6NmOqpCZ+sh1bKv2iYTlUkzlWmA5JD2acKoxd4KVxbMmxX/85mtfdnDmTFoNKcg5DGAvxNQ==", + "license": "Apache-2.0" + }, "node_modules/inflight": { "version": "1.0.6", "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", @@ -3797,6 +3809,7 @@ } ], "license": "MIT", + "peer": true, "dependencies": { "nanoid": "^3.3.11", "picocolors": "^1.1.1", @@ -3931,9 +3944,9 @@ "license": "MIT" }, "node_modules/prettier": { - "version": "3.6.2", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.6.2.tgz", - "integrity": "sha512-I7AIg5boAr5R0FFtJ6rCfD+LFsWHp81dolrFD8S79U9tb8Az2nGrJncnMSnys+bpQJfRUzqs9hnA81OAA3hCuQ==", + "version": "3.7.2", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.7.2.tgz", + "integrity": "sha512-n3HV2J6QhItCXndGa3oMWvWFAgN1ibnS7R9mt6iokScBOC0Ul9/iZORmU2IWUMcyAQaMPjTlY3uT34TqocUxMA==", "dev": true, "license": "MIT", "bin": { @@ -4453,6 +4466,7 @@ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz", "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", "license": "MIT", + "peer": true, "engines": { "node": ">=12" }, @@ -4558,9 +4572,9 @@ "license": "MIT" }, "node_modules/vite": { - "version": "7.1.11", - "resolved": "https://registry.npmjs.org/vite/-/vite-7.1.11.tgz", - "integrity": "sha512-uzcxnSDVjAopEUjljkWh8EIrg6tlzrjFUfMcR1EVsRDGwf/ccef0qQPRyOrROwhrTDaApueq+ja+KLPlzR/zdg==", + "version": "7.2.4", + "resolved": "https://registry.npmjs.org/vite/-/vite-7.2.4.tgz", + "integrity": "sha512-NL8jTlbo0Tn4dUEXEsUg8KeyG/Lkmc4Fnzb8JXN/Ykm9G4HNImjtABMJgkQoVjOBN/j2WAwDTRytdqJbZsah7w==", "dev": true, "license": "MIT", "dependencies": { 
@@ -4656,6 +4670,7 @@ "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", "dev": true, "license": "MIT", + "peer": true, "engines": { "node": ">=12" }, diff --git a/docs/package.json b/docs/package.json index 69785ab15ee..34632cb1913 100644 --- a/docs/package.json +++ b/docs/package.json @@ -16,8 +16,8 @@ "preview": "vite preview --outDir public" }, "dependencies": { - "@docsearch/css": "4.2.0", - "@docsearch/js": "4.2.0", + "@docsearch/css": "4.3.2", + "@docsearch/js": "4.3.2", "@tabler/icons": "3.35.0", "@thulite/doks-core": "1.8.3", "@thulite/images": "3.3.3", @@ -26,8 +26,8 @@ "thulite": "2.6.3" }, "devDependencies": { - "prettier": "3.6.2", - "vite": "7.1.11" + "prettier": "3.7.2", + "vite": "7.2.4" }, "engines": { "node": ">=20.11.0" diff --git a/dojo/__init__.py b/dojo/__init__.py index 5ddbfa246b6..13641d30772 100644 --- a/dojo/__init__.py +++ b/dojo/__init__.py @@ -4,6 +4,6 @@ # Django starts so that shared_task will use this app. from .celery import app as celery_app # noqa: F401 -__version__ = "2.52.3" +__version__ = "2.53.0" __url__ = "https://github.com/DefectDojo/django-DefectDojo" __docs__ = "https://documentation.defectdojo.com" diff --git a/dojo/api_v2/serializers.py b/dojo/api_v2/serializers.py index 7acd0eac1ab..2f884b3bb4a 100644 --- a/dojo/api_v2/serializers.py +++ b/dojo/api_v2/serializers.py @@ -114,6 +114,7 @@ Vulnerability_Id_Template, get_current_date, ) +from dojo.notifications.helper import create_notification from dojo.product_announcements import ( LargeScanSizeProductAnnouncement, ScanTypeProductAnnouncement, 
@@ -1949,6 +1950,16 @@ def create(self, validated_data):
 if push_to_jira:
 jira_helper.push_to_jira(new_finding)
+ # Create a notification
+ create_notification(
+ event="finding_added",
+ title=_("Addition of %s") % new_finding.title,
+ finding=new_finding,
+ description=_('Finding "%s" was added by %s') % (new_finding.title, new_finding.reporter),
+ url=reverse("view_finding", args=(new_finding.id,)),
+ icon="exclamation-triangle",
+ )
+
 return new_finding
 def validate(self, data):
diff --git a/dojo/db_migrations/0247_remove_finding_insert_insert_and_more.py b/dojo/db_migrations/0247_remove_finding_insert_insert_and_more.py
new file mode 100644
index 00000000000..43bad6c2a7c
--- /dev/null
+++ b/dojo/db_migrations/0247_remove_finding_insert_insert_and_more.py
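Review bot: The added `create_notification(...)` call in `create()` puts `new_finding.title`, a value taken from the API request body, into both the notification `title` and `description` without any visible escaping. How `create_notification` renders those fields is not shown here, so it is worth confirming that every delivery channel's template escapes them instead of treating them as markup. The description also packs two positional `%s` into one translatable string, which translators cannot reorder; named placeholders would read `_('Finding "%(title)s" was added by %(reporter)s') % {"title": new_finding.title, "reporter": new_finding.reporter}`. Neither `reverse` nor `_` is added by this file's import hunk, so both are presumably already in scope, which is not visible from here. `create()` begins outside the hunk.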
@@ -0,0 +1,49 @@ +# Generated by Django 5.1.13 on 2025-11-01 12:54 + +import pgtrigger.compiler +import pgtrigger.migrations +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0246_endpoint_idx_ep_product_lower_host_and_more'), + ] + + operations = [ + pgtrigger.migrations.RemoveTrigger( + model_name='finding', + name='insert_insert', + ), + pgtrigger.migrations.RemoveTrigger( + model_name='finding', + name='update_update', + ), + pgtrigger.migrations.RemoveTrigger( + model_name='finding', + name='delete_delete', + ), + migrations.AddField( + model_name='finding', + name='fix_version', + field=models.CharField(blank=True, help_text='Version of the affected component in which the flaw is fixed.', max_length=100, null=True, verbose_name='Fix version'), + ), + migrations.AddField( + model_name='findingevent', + name='fix_version', + field=models.CharField(blank=True, help_text='Version of the affected component in which the flaw is fixed.', max_length=100, null=True, verbose_name='Fix version'), + ), + pgtrigger.migrations.AddTrigger( + model_name='finding', + trigger=pgtrigger.compiler.Trigger(name='insert_insert', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_findingevent" ("active", "component_name", "component_version", "created", "cve", "cvssv3", "cvssv3_score", "cvssv4", "cvssv4_score", "cwe", "date", "defect_review_requested_by_id", "description", "duplicate", "duplicate_finding_id", "dynamic_finding", "effort_for_fixing", "epss_percentile", "epss_score", "false_p", "file_path", "fix_available", "fix_version", "hash_code", "id", "impact", "is_mitigated", "kev_date", "known_exploited", "last_reviewed", "last_reviewed_by_id", "last_status_update", "line", "mitigated", "mitigated_by_id", "mitigation", "nb_occurences", "numerical_severity", "out_of_scope", "param", "payload", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "planned_remediation_date", 
"planned_remediation_version", "publish_date", "ransomware_used", "refs", "reporter_id", "review_requested_by_id", "risk_accepted", "sast_sink_object", "sast_source_file_path", "sast_source_line", "sast_source_object", "scanner_confidence", "service", "severity", "severity_justification", "sla_expiration_date", "sla_start_date", "sonarqube_issue_id", "static_finding", "steps_to_reproduce", "test_id", "thread_id", "title", "under_defect_review", "under_review", "unique_id_from_tool", "url", "verified", "vuln_id_from_tool") VALUES (NEW."active", NEW."component_name", NEW."component_version", NEW."created", NEW."cve", NEW."cvssv3", NEW."cvssv3_score", NEW."cvssv4", NEW."cvssv4_score", NEW."cwe", NEW."date", NEW."defect_review_requested_by_id", NEW."description", NEW."duplicate", NEW."duplicate_finding_id", NEW."dynamic_finding", NEW."effort_for_fixing", NEW."epss_percentile", NEW."epss_score", NEW."false_p", NEW."file_path", NEW."fix_available", NEW."fix_version", NEW."hash_code", NEW."id", NEW."impact", NEW."is_mitigated", NEW."kev_date", NEW."known_exploited", NEW."last_reviewed", NEW."last_reviewed_by_id", NEW."last_status_update", NEW."line", NEW."mitigated", NEW."mitigated_by_id", NEW."mitigation", NEW."nb_occurences", NEW."numerical_severity", NEW."out_of_scope", NEW."param", NEW."payload", _pgh_attach_context(), NOW(), \'insert\', NEW."id", NEW."planned_remediation_date", NEW."planned_remediation_version", NEW."publish_date", NEW."ransomware_used", NEW."refs", NEW."reporter_id", NEW."review_requested_by_id", NEW."risk_accepted", NEW."sast_sink_object", NEW."sast_source_file_path", NEW."sast_source_line", NEW."sast_source_object", NEW."scanner_confidence", NEW."service", NEW."severity", NEW."severity_justification", NEW."sla_expiration_date", NEW."sla_start_date", NEW."sonarqube_issue_id", NEW."static_finding", NEW."steps_to_reproduce", NEW."test_id", NEW."thread_id", NEW."title", NEW."under_defect_review", NEW."under_review", NEW."unique_id_from_tool", 
NEW."url", NEW."verified", NEW."vuln_id_from_tool"); RETURN NULL;', hash='7420e87ec2d068d96796af35888c418c547b768a', operation='INSERT', pgid='pgtrigger_insert_insert_2fbbb', table='dojo_finding', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='finding', + trigger=pgtrigger.compiler.Trigger(name='update_update', sql=pgtrigger.compiler.UpsertTriggerSql(condition='WHEN (OLD."active" IS DISTINCT FROM (NEW."active") OR OLD."component_name" IS DISTINCT FROM (NEW."component_name") OR OLD."component_version" IS DISTINCT FROM (NEW."component_version") OR OLD."cve" IS DISTINCT FROM (NEW."cve") OR OLD."cvssv3" IS DISTINCT FROM (NEW."cvssv3") OR OLD."cvssv3_score" IS DISTINCT FROM (NEW."cvssv3_score") OR OLD."cvssv4" IS DISTINCT FROM (NEW."cvssv4") OR OLD."cvssv4_score" IS DISTINCT FROM (NEW."cvssv4_score") OR OLD."cwe" IS DISTINCT FROM (NEW."cwe") OR OLD."date" IS DISTINCT FROM (NEW."date") OR OLD."defect_review_requested_by_id" IS DISTINCT FROM (NEW."defect_review_requested_by_id") OR OLD."description" IS DISTINCT FROM (NEW."description") OR OLD."duplicate" IS DISTINCT FROM (NEW."duplicate") OR OLD."duplicate_finding_id" IS DISTINCT FROM (NEW."duplicate_finding_id") OR OLD."dynamic_finding" IS DISTINCT FROM (NEW."dynamic_finding") OR OLD."effort_for_fixing" IS DISTINCT FROM (NEW."effort_for_fixing") OR OLD."epss_percentile" IS DISTINCT FROM (NEW."epss_percentile") OR OLD."epss_score" IS DISTINCT FROM (NEW."epss_score") OR OLD."false_p" IS DISTINCT FROM (NEW."false_p") OR OLD."file_path" IS DISTINCT FROM (NEW."file_path") OR OLD."fix_available" IS DISTINCT FROM (NEW."fix_available") OR OLD."fix_version" IS DISTINCT FROM (NEW."fix_version") OR OLD."hash_code" IS DISTINCT FROM (NEW."hash_code") OR OLD."id" IS DISTINCT FROM (NEW."id") OR OLD."impact" IS DISTINCT FROM (NEW."impact") OR OLD."is_mitigated" IS DISTINCT FROM (NEW."is_mitigated") OR OLD."kev_date" IS DISTINCT FROM (NEW."kev_date") OR OLD."known_exploited" IS DISTINCT FROM (NEW."known_exploited") 
OR OLD."last_reviewed" IS DISTINCT FROM (NEW."last_reviewed") OR OLD."last_reviewed_by_id" IS DISTINCT FROM (NEW."last_reviewed_by_id") OR OLD."line" IS DISTINCT FROM (NEW."line") OR OLD."mitigated" IS DISTINCT FROM (NEW."mitigated") OR OLD."mitigated_by_id" IS DISTINCT FROM (NEW."mitigated_by_id") OR OLD."mitigation" IS DISTINCT FROM (NEW."mitigation") OR OLD."nb_occurences" IS DISTINCT FROM (NEW."nb_occurences") OR OLD."numerical_severity" IS DISTINCT FROM (NEW."numerical_severity") OR OLD."out_of_scope" IS DISTINCT FROM (NEW."out_of_scope") OR OLD."param" IS DISTINCT FROM (NEW."param") OR OLD."payload" IS DISTINCT FROM (NEW."payload") OR OLD."planned_remediation_date" IS DISTINCT FROM (NEW."planned_remediation_date") OR OLD."planned_remediation_version" IS DISTINCT FROM (NEW."planned_remediation_version") OR OLD."publish_date" IS DISTINCT FROM (NEW."publish_date") OR OLD."ransomware_used" IS DISTINCT FROM (NEW."ransomware_used") OR OLD."refs" IS DISTINCT FROM (NEW."refs") OR OLD."reporter_id" IS DISTINCT FROM (NEW."reporter_id") OR OLD."review_requested_by_id" IS DISTINCT FROM (NEW."review_requested_by_id") OR OLD."risk_accepted" IS DISTINCT FROM (NEW."risk_accepted") OR OLD."sast_sink_object" IS DISTINCT FROM (NEW."sast_sink_object") OR OLD."sast_source_file_path" IS DISTINCT FROM (NEW."sast_source_file_path") OR OLD."sast_source_line" IS DISTINCT FROM (NEW."sast_source_line") OR OLD."sast_source_object" IS DISTINCT FROM (NEW."sast_source_object") OR OLD."scanner_confidence" IS DISTINCT FROM (NEW."scanner_confidence") OR OLD."service" IS DISTINCT FROM (NEW."service") OR OLD."severity" IS DISTINCT FROM (NEW."severity") OR OLD."severity_justification" IS DISTINCT FROM (NEW."severity_justification") OR OLD."sla_expiration_date" IS DISTINCT FROM (NEW."sla_expiration_date") OR OLD."sla_start_date" IS DISTINCT FROM (NEW."sla_start_date") OR OLD."sonarqube_issue_id" IS DISTINCT FROM (NEW."sonarqube_issue_id") OR OLD."static_finding" IS DISTINCT FROM 
(NEW."static_finding") OR OLD."steps_to_reproduce" IS DISTINCT FROM (NEW."steps_to_reproduce") OR OLD."test_id" IS DISTINCT FROM (NEW."test_id") OR OLD."thread_id" IS DISTINCT FROM (NEW."thread_id") OR OLD."title" IS DISTINCT FROM (NEW."title") OR OLD."under_defect_review" IS DISTINCT FROM (NEW."under_defect_review") OR OLD."under_review" IS DISTINCT FROM (NEW."under_review") OR OLD."unique_id_from_tool" IS DISTINCT FROM (NEW."unique_id_from_tool") OR OLD."url" IS DISTINCT FROM (NEW."url") OR OLD."verified" IS DISTINCT FROM (NEW."verified") OR OLD."vuln_id_from_tool" IS DISTINCT FROM (NEW."vuln_id_from_tool"))', func='INSERT INTO "dojo_findingevent" ("active", "component_name", "component_version", "created", "cve", "cvssv3", "cvssv3_score", "cvssv4", "cvssv4_score", "cwe", "date", "defect_review_requested_by_id", "description", "duplicate", "duplicate_finding_id", "dynamic_finding", "effort_for_fixing", "epss_percentile", "epss_score", "false_p", "file_path", "fix_available", "fix_version", "hash_code", "id", "impact", "is_mitigated", "kev_date", "known_exploited", "last_reviewed", "last_reviewed_by_id", "last_status_update", "line", "mitigated", "mitigated_by_id", "mitigation", "nb_occurences", "numerical_severity", "out_of_scope", "param", "payload", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "planned_remediation_date", "planned_remediation_version", "publish_date", "ransomware_used", "refs", "reporter_id", "review_requested_by_id", "risk_accepted", "sast_sink_object", "sast_source_file_path", "sast_source_line", "sast_source_object", "scanner_confidence", "service", "severity", "severity_justification", "sla_expiration_date", "sla_start_date", "sonarqube_issue_id", "static_finding", "steps_to_reproduce", "test_id", "thread_id", "title", "under_defect_review", "under_review", "unique_id_from_tool", "url", "verified", "vuln_id_from_tool") VALUES (NEW."active", NEW."component_name", NEW."component_version", NEW."created", NEW."cve", 
NEW."cvssv3", NEW."cvssv3_score", NEW."cvssv4", NEW."cvssv4_score", NEW."cwe", NEW."date", NEW."defect_review_requested_by_id", NEW."description", NEW."duplicate", NEW."duplicate_finding_id", NEW."dynamic_finding", NEW."effort_for_fixing", NEW."epss_percentile", NEW."epss_score", NEW."false_p", NEW."file_path", NEW."fix_available", NEW."fix_version", NEW."hash_code", NEW."id", NEW."impact", NEW."is_mitigated", NEW."kev_date", NEW."known_exploited", NEW."last_reviewed", NEW."last_reviewed_by_id", NEW."last_status_update", NEW."line", NEW."mitigated", NEW."mitigated_by_id", NEW."mitigation", NEW."nb_occurences", NEW."numerical_severity", NEW."out_of_scope", NEW."param", NEW."payload", _pgh_attach_context(), NOW(), \'update\', NEW."id", NEW."planned_remediation_date", NEW."planned_remediation_version", NEW."publish_date", NEW."ransomware_used", NEW."refs", NEW."reporter_id", NEW."review_requested_by_id", NEW."risk_accepted", NEW."sast_sink_object", NEW."sast_source_file_path", NEW."sast_source_line", NEW."sast_source_object", NEW."scanner_confidence", NEW."service", NEW."severity", NEW."severity_justification", NEW."sla_expiration_date", NEW."sla_start_date", NEW."sonarqube_issue_id", NEW."static_finding", NEW."steps_to_reproduce", NEW."test_id", NEW."thread_id", NEW."title", NEW."under_defect_review", NEW."under_review", NEW."unique_id_from_tool", NEW."url", NEW."verified", NEW."vuln_id_from_tool"); RETURN NULL;', hash='d7e612a41414689328bb28abab60a073aa989fad', operation='UPDATE', pgid='pgtrigger_update_update_92175', table='dojo_finding', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='finding', + trigger=pgtrigger.compiler.Trigger(name='delete_delete', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_findingevent" ("active", "component_name", "component_version", "created", "cve", "cvssv3", "cvssv3_score", "cvssv4", "cvssv4_score", "cwe", "date", "defect_review_requested_by_id", "description", "duplicate", 
"duplicate_finding_id", "dynamic_finding", "effort_for_fixing", "epss_percentile", "epss_score", "false_p", "file_path", "fix_available", "fix_version", "hash_code", "id", "impact", "is_mitigated", "kev_date", "known_exploited", "last_reviewed", "last_reviewed_by_id", "last_status_update", "line", "mitigated", "mitigated_by_id", "mitigation", "nb_occurences", "numerical_severity", "out_of_scope", "param", "payload", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "planned_remediation_date", "planned_remediation_version", "publish_date", "ransomware_used", "refs", "reporter_id", "review_requested_by_id", "risk_accepted", "sast_sink_object", "sast_source_file_path", "sast_source_line", "sast_source_object", "scanner_confidence", "service", "severity", "severity_justification", "sla_expiration_date", "sla_start_date", "sonarqube_issue_id", "static_finding", "steps_to_reproduce", "test_id", "thread_id", "title", "under_defect_review", "under_review", "unique_id_from_tool", "url", "verified", "vuln_id_from_tool") VALUES (OLD."active", OLD."component_name", OLD."component_version", OLD."created", OLD."cve", OLD."cvssv3", OLD."cvssv3_score", OLD."cvssv4", OLD."cvssv4_score", OLD."cwe", OLD."date", OLD."defect_review_requested_by_id", OLD."description", OLD."duplicate", OLD."duplicate_finding_id", OLD."dynamic_finding", OLD."effort_for_fixing", OLD."epss_percentile", OLD."epss_score", OLD."false_p", OLD."file_path", OLD."fix_available", OLD."fix_version", OLD."hash_code", OLD."id", OLD."impact", OLD."is_mitigated", OLD."kev_date", OLD."known_exploited", OLD."last_reviewed", OLD."last_reviewed_by_id", OLD."last_status_update", OLD."line", OLD."mitigated", OLD."mitigated_by_id", OLD."mitigation", OLD."nb_occurences", OLD."numerical_severity", OLD."out_of_scope", OLD."param", OLD."payload", _pgh_attach_context(), NOW(), \'delete\', OLD."id", OLD."planned_remediation_date", OLD."planned_remediation_version", OLD."publish_date", OLD."ransomware_used", OLD."refs", 
OLD."reporter_id", OLD."review_requested_by_id", OLD."risk_accepted", OLD."sast_sink_object", OLD."sast_source_file_path", OLD."sast_source_line", OLD."sast_source_object", OLD."scanner_confidence", OLD."service", OLD."severity", OLD."severity_justification", OLD."sla_expiration_date", OLD."sla_start_date", OLD."sonarqube_issue_id", OLD."static_finding", OLD."steps_to_reproduce", OLD."test_id", OLD."thread_id", OLD."title", OLD."under_defect_review", OLD."under_review", OLD."unique_id_from_tool", OLD."url", OLD."verified", OLD."vuln_id_from_tool"); RETURN NULL;', hash='b78d66e2d4e1cb791b58b944a8b9204f13fe1552', operation='DELETE', pgid='pgtrigger_delete_delete_72933', table='dojo_finding', when='AFTER')), + ), + ] diff --git a/dojo/db_migrations/0248_alter_general_survey_expiration.py b/dojo/db_migrations/0248_alter_general_survey_expiration.py new file mode 100644 index 00000000000..9ebe7e37ac4 --- /dev/null +++ b/dojo/db_migrations/0248_alter_general_survey_expiration.py @@ -0,0 +1,19 @@ +# Generated by Django 5.1.14 on 2025-11-17 20:31 + +import dojo.models +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0247_remove_finding_insert_insert_and_more'), + ] + + operations = [ + migrations.AlterField( + model_name='general_survey', + name='expiration', + field=models.DateTimeField(default=dojo.models.default_expiration), + ), + ] diff --git a/dojo/finding/deduplication.py b/dojo/finding/deduplication.py new file mode 100644 index 00000000000..7f334236dbf --- /dev/null +++ b/dojo/finding/deduplication.py 
@@ -0,0 +1,564 @@ +import logging +from operator import attrgetter + +import hyperlink +from django.conf import settings +from django.db.models import Prefetch +from django.db.models.query_utils import Q + +from dojo.celery import app +from dojo.decorators import dojo_async_task, dojo_model_from_id, dojo_model_to_id +from dojo.models import Finding, System_Settings + +logger = logging.getLogger(__name__) +deduplicationLogger = logging.getLogger("dojo.specific-loggers.deduplication") + + +def get_finding_models_for_deduplication(finding_ids): + """ + Load findings with optimal prefetching for deduplication operations. + This avoids N+1 queries when accessing test, engagement, product, endpoints, and original_finding. + + Args: + finding_ids: A list of Finding IDs + + Returns: + A list of Finding models with related objects prefetched + + """ + if not finding_ids: + return [] + + return list( + Finding.objects.filter(id__in=finding_ids) + .select_related("test", "test__engagement", "test__engagement__product", "test__test_type") + .prefetch_related( + "endpoints", + # Prefetch duplicates of each finding to avoid N+1 when set_duplicate iterates + Prefetch( + "original_finding", + queryset=Finding.objects.only("id", "duplicate_finding_id").order_by("-id"), + ), + ), + ) + + +@dojo_model_to_id +@dojo_async_task +@app.task +@dojo_model_from_id +def do_dedupe_finding_task(new_finding, *args, **kwargs): + return do_dedupe_finding(new_finding, *args, **kwargs) + + +@dojo_async_task +@app.task +def do_dedupe_batch_task(finding_ids, *args, **kwargs): + """ + Async task to deduplicate a batch of findings. The findings are assumed to be in the same test. + Similar to post_process_findings_batch but focused only on deduplication. 
+ """ + # Load findings with proper prefetching + findings = get_finding_models_for_deduplication(finding_ids) + + if not findings: + logger.debug(f"no findings found for batch deduplication with IDs: {finding_ids}") + return + + # Batch dedupe + dedupe_batch_of_findings(findings) + + +def do_dedupe_finding(new_finding, *args, **kwargs): + from dojo.utils import get_custom_method # noqa: PLC0415 -- circular import + if dedupe_method := get_custom_method("FINDING_DEDUPE_METHOD"): + return dedupe_method(new_finding, *args, **kwargs) + + try: + enabled = System_Settings.objects.get(no_cache=True).enable_deduplication + except System_Settings.DoesNotExist: + logger.warning("system settings not found") + enabled = False + + if enabled: + deduplicationLogger.debug("dedupe for: " + str(new_finding.id) + + ":" + str(new_finding.title)) + deduplicationAlgorithm = new_finding.test.deduplication_algorithm + deduplicationLogger.debug("deduplication algorithm: " + deduplicationAlgorithm) + if deduplicationAlgorithm == settings.DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL: + deduplicate_unique_id_from_tool(new_finding) + elif deduplicationAlgorithm == settings.DEDUPE_ALGO_HASH_CODE: + deduplicate_hash_code(new_finding) + elif deduplicationAlgorithm == settings.DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE: + deduplicate_uid_or_hash_code(new_finding) + else: + deduplicationLogger.debug("no configuration per parser found; using legacy algorithm") + deduplicate_legacy(new_finding) + else: + deduplicationLogger.debug("dedupe: skipping dedupe because it's disabled in system settings get()") + return None + + +def deduplicate_legacy(new_finding): + _dedupe_batch_legacy([new_finding]) + + +def deduplicate_unique_id_from_tool(new_finding): + _dedupe_batch_unique_id([new_finding]) + + +def deduplicate_hash_code(new_finding): + _dedupe_batch_hash_code([new_finding]) + + +def deduplicate_uid_or_hash_code(new_finding): + _dedupe_batch_uid_or_hash([new_finding]) + + +def set_duplicate(new_finding, 
existing_finding): + deduplicationLogger.debug(f"new_finding.status(): {new_finding.id} {new_finding.status()}") + deduplicationLogger.debug(f"existing_finding.status(): {existing_finding.id} {existing_finding.status()}") + if existing_finding.duplicate: + deduplicationLogger.debug("existing finding: %s:%s:duplicate=%s;duplicate_finding=%s", existing_finding.id, existing_finding.title, existing_finding.duplicate, existing_finding.duplicate_finding.id if existing_finding.duplicate_finding else "None") + msg = "Existing finding is a duplicate" + raise Exception(msg) + if existing_finding.id == new_finding.id: + msg = "Can not add duplicate to itself" + raise Exception(msg) + if is_duplicate_reopen(new_finding, existing_finding): + msg = "Found a regression. Ignore this so that a new duplicate chain can be made" + raise Exception(msg) + if new_finding.duplicate and finding_mitigated(existing_finding): + msg = "Skip this finding as we do not want to attach a new duplicate to a mitigated finding" + raise Exception(msg) + + deduplicationLogger.debug("Setting new finding " + str(new_finding.id) + " as a duplicate of existing finding " + str(existing_finding.id)) + new_finding.duplicate = True + new_finding.active = False + new_finding.verified = False + new_finding.duplicate_finding = existing_finding + + # Make sure transitive duplication is flattened + # if A -> B and B is made a duplicate of C here, afterwards: + # A -> C and B -> C should be true + # Ordering is ensured by the prefetch in post_process_findings_batch + # (we prefetch "original_finding" ordered by -id), so avoid calling + # order_by here to prevent bypassing the prefetch cache. 
+ for find in new_finding.original_finding.all(): + new_finding.original_finding.remove(find) + set_duplicate(find, existing_finding) + existing_finding.found_by.add(new_finding.test.test_type) + logger.debug("saving new finding: %d", new_finding.id) + super(Finding, new_finding).save() + logger.debug("saving existing finding: %d", existing_finding.id) + super(Finding, existing_finding).save() + + +def is_duplicate_reopen(new_finding, existing_finding) -> bool: + return finding_mitigated(existing_finding) and finding_not_human_set_status(existing_finding) and not finding_mitigated(new_finding) + + +def finding_mitigated(finding: Finding) -> bool: + return finding.active is False and (finding.is_mitigated is True or finding.mitigated is not None) + + +def finding_not_human_set_status(finding: Finding) -> bool: + return finding.out_of_scope is False and finding.false_p is False + + +def set_duplicate_reopen(new_finding, existing_finding): + logger.debug("duplicate reopen existing finding") + existing_finding.mitigated = new_finding.mitigated + existing_finding.is_mitigated = new_finding.is_mitigated + existing_finding.active = new_finding.active + existing_finding.verified = new_finding.verified + existing_finding.notes.create(author=existing_finding.reporter, + entry="This finding has been automatically re-opened as it was found in recent scans.") + existing_finding.save() + + +def is_deduplication_on_engagement_mismatch(new_finding, to_duplicate_finding): + if new_finding.test.engagement != to_duplicate_finding.test.engagement: + deduplication_mismatch = new_finding.test.engagement.deduplication_on_engagement \ + or to_duplicate_finding.test.engagement.deduplication_on_engagement + if deduplication_mismatch: + deduplicationLogger.debug(f"deduplication_mismatch: {deduplication_mismatch} for new_finding {new_finding.id} and to_duplicate_finding {to_duplicate_finding.id} with test.engagement {new_finding.test.engagement.id} and 
{to_duplicate_finding.test.engagement.id}") + return deduplication_mismatch + return False + + +def get_endpoints_as_url(finding): + return [hyperlink.parse(str(e)) for e in finding.endpoints.all()] + + +def are_urls_equal(url1, url2, fields): + deduplicationLogger.debug("Check if url %s and url %s are equal in terms of %s.", url1, url2, fields) + for field in fields: + if (field == "scheme" and url1.scheme != url2.scheme) or (field == "host" and url1.host != url2.host): + return False + if (field == "port" and url1.port != url2.port) or (field == "path" and url1.path != url2.path) or (field == "query" and url1.query != url2.query) or (field == "fragment" and url1.fragment != url2.fragment) or (field == "userinfo" and url1.userinfo != url2.userinfo) or (field == "user" and url1.user != url2.user): + return False + return True + + +def are_endpoints_duplicates(new_finding, to_duplicate_finding): + fields = settings.DEDUPE_ALGO_ENDPOINT_FIELDS + if len(fields) == 0: + deduplicationLogger.debug("deduplication by endpoint fields is disabled") + return True + + list1 = get_endpoints_as_url(new_finding) + list2 = get_endpoints_as_url(to_duplicate_finding) + + deduplicationLogger.debug( + f"Starting deduplication by endpoint fields for finding {new_finding.id} with urls {list1} and finding {to_duplicate_finding.id} with urls {list2}", + ) + if list1 == [] and list2 == []: + return True + + for l1 in list1: + for l2 in list2: + if are_urls_equal(l1, l2, fields): + return True + + deduplicationLogger.debug(f"endpoints are not duplicates: {new_finding.id} and {to_duplicate_finding.id}") + return False + + +def build_dedupe_scope_queryset(test): + scope_on_engagement = test.engagement.deduplication_on_engagement + if scope_on_engagement: + scope_q = Q(test__engagement=test.engagement) + else: + # Product scope limited to current product, but exclude engagements that opted into engagement-scoped dedupe + scope_q = Q(test__engagement__product=test.engagement.product) & ( + 
Q(test__engagement=test.engagement) + | Q(test__engagement__deduplication_on_engagement=False) + ) + + return ( + Finding.objects.filter(scope_q) + .select_related("test", "test__engagement", "test__test_type") + .prefetch_related("endpoints") + ) + + +def find_candidates_for_deduplication_hash(test, findings): + base_queryset = build_dedupe_scope_queryset(test) + hash_codes = {f.hash_code for f in findings if getattr(f, "hash_code", None) is not None} + if not hash_codes: + return {} + existing_qs = ( + base_queryset.filter(hash_code__in=hash_codes) + .exclude(hash_code=None) + .exclude(duplicate=True) + .order_by("id") + ) + existing_by_hash = {} + for ef in existing_qs: + existing_by_hash.setdefault(ef.hash_code, []).append(ef) + deduplicationLogger.debug(f"Found {len(existing_by_hash)} existing findings by hash codes") + return existing_by_hash + + +def find_candidates_for_deduplication_unique_id(test, findings): + base_queryset = build_dedupe_scope_queryset(test) + unique_ids = {f.unique_id_from_tool for f in findings if getattr(f, "unique_id_from_tool", None) is not None} + if not unique_ids: + return {} + existing_qs = base_queryset.filter(unique_id_from_tool__in=unique_ids).exclude(unique_id_from_tool=None).exclude(duplicate=True).order_by("id") + # unique_id_from_tool can only apply to the same test_type because it is parser dependent + existing_qs = existing_qs.filter(test__test_type=test.test_type) + existing_by_uid = {} + for ef in existing_qs: + existing_by_uid.setdefault(ef.unique_id_from_tool, []).append(ef) + deduplicationLogger.debug(f"Found {len(existing_by_uid)} existing findings by unique IDs") + return existing_by_uid + + +def find_candidates_for_deduplication_uid_or_hash(test, findings): + base_queryset = build_dedupe_scope_queryset(test) + hash_codes = {f.hash_code for f in findings if getattr(f, "hash_code", None) is not None} + unique_ids = {f.unique_id_from_tool for f in findings if getattr(f, "unique_id_from_tool", None) is not None} + if 
not hash_codes and not unique_ids: + return {}, {} + + cond = Q() + if hash_codes: + cond |= Q(hash_code__isnull=False, hash_code__in=hash_codes) + if unique_ids: + # unique_id_from_tool can only apply to the same test_type because it is parser dependent + uid_q = Q(unique_id_from_tool__isnull=False, unique_id_from_tool__in=unique_ids) & Q(test__test_type=test.test_type) + cond |= uid_q + + existing_qs = base_queryset.filter(cond).exclude(duplicate=True).order_by("id") + + existing_by_hash = {} + existing_by_uid = {} + for ef in existing_qs: + if ef.hash_code is not None: + existing_by_hash.setdefault(ef.hash_code, []).append(ef) + if ef.unique_id_from_tool is not None: + existing_by_uid.setdefault(ef.unique_id_from_tool, []).append(ef) + deduplicationLogger.debug(f"Found {len(existing_by_uid)} existing findings by unique IDs") + deduplicationLogger.debug(f"Found {len(existing_by_hash)} existing findings by hash codes") + return existing_by_uid, existing_by_hash + + +def find_candidates_for_deduplication_legacy(test, findings): + base_queryset = build_dedupe_scope_queryset(test) + titles = {f.title for f in findings if getattr(f, "title", None)} + cwes = {f.cwe for f in findings if getattr(f, "cwe", 0)} + cwes.discard(0) + if not titles and not cwes: + return {}, {} + + existing_qs = base_queryset.filter(Q(title__in=titles) | Q(cwe__in=cwes)).exclude(duplicate=True).order_by("id") + + by_title = {} + by_cwe = {} + for ef in existing_qs: + if ef.title: + by_title.setdefault(ef.title, []).append(ef) + if getattr(ef, "cwe", 0): + by_cwe.setdefault(ef.cwe, []).append(ef) + deduplicationLogger.debug(f"Found {len(by_title)} existing findings by title") + deduplicationLogger.debug(f"Found {len(by_cwe)} existing findings by CWE") + deduplicationLogger.debug(f"Found {len(existing_qs)} existing findings by title or CWE") + return by_title, by_cwe + + +def _is_candidate_older(new_finding, candidate): + # Ensure the newer finding is marked as duplicate of the older finding + 
is_older = candidate.id < new_finding.id + if not is_older: + deduplicationLogger.debug(f"candidate is newer than or equal to new finding: {new_finding.id} and candidate {candidate.id}") + return is_older + + +def match_hash_candidate(new_finding, candidates_by_hash): + if new_finding.hash_code is None: + return None + possible_matches = candidates_by_hash.get(new_finding.hash_code, []) + deduplicationLogger.debug(f"Finding {new_finding.id}: Found {len(possible_matches)} findings with same hash_code, ids={[(c.id, c.hash_code) for c in possible_matches]}") + + for candidate in possible_matches: + if not _is_candidate_older(new_finding, candidate): + continue + if is_deduplication_on_engagement_mismatch(new_finding, candidate): + deduplicationLogger.debug("deduplication_on_engagement_mismatch, skipping dedupe.") + continue + if are_endpoints_duplicates(new_finding, candidate): + return candidate + return None + + +def match_unique_id_candidate(new_finding, candidates_by_uid): + if new_finding.unique_id_from_tool is None: + return None + + possible_matches = candidates_by_uid.get(new_finding.unique_id_from_tool, []) + deduplicationLogger.debug(f"Finding {new_finding.id}: Found {len(possible_matches)} findings with same unique_id_from_tool, ids={[(c.id, c.unique_id_from_tool) for c in possible_matches]}") + for candidate in possible_matches: + if not _is_candidate_older(new_finding, candidate): + deduplicationLogger.debug("UID: newer candidate, skipping dedupe.") + continue + if is_deduplication_on_engagement_mismatch(new_finding, candidate): + deduplicationLogger.debug("deduplication_on_engagement_mismatch, skipping dedupe.") + continue + return candidate + return None + + +def match_uid_or_hash_candidate(new_finding, candidates_by_uid, candidates_by_hash): + # Combine UID and hash candidates and walk oldest-first + uid_list = candidates_by_uid.get(new_finding.unique_id_from_tool, []) if new_finding.unique_id_from_tool is not None else [] + hash_list = 
candidates_by_hash.get(new_finding.hash_code, []) if new_finding.hash_code is not None else [] + deduplicationLogger.debug("Finding %s: UID_OR_HASH: uid_list ids=%s hash_list ids=%s", new_finding.id, [c.id for c in uid_list], [c.id for c in hash_list]) + combined_by_id = {c.id: c for c in uid_list} + for c in hash_list: + combined_by_id.setdefault(c.id, c) + deduplicationLogger.debug("Finding %s: UID_OR_HASH: combined candidate ids (sorted)=%s", new_finding.id, sorted(combined_by_id.keys())) + for candidate_id in sorted(combined_by_id.keys()): + candidate = combined_by_id[candidate_id] + if not _is_candidate_older(new_finding, candidate): + continue + if is_deduplication_on_engagement_mismatch(new_finding, candidate): + deduplicationLogger.debug("deduplication_on_engagement_mismatch, skipping dedupe.") + return None + if are_endpoints_duplicates(new_finding, candidate): + deduplicationLogger.debug("UID_OR_HASH: endpoints match, returning candidate %s with test_type %s unique_id_from_tool %s hash_code %s", candidate.id, candidate.test.test_type, candidate.unique_id_from_tool, candidate.hash_code) + return candidate + deduplicationLogger.debug("UID_OR_HASH: endpoints mismatch, skipping candidate %s", candidate.id) + return None + + +def match_legacy_candidate(new_finding, candidates_by_title, candidates_by_cwe): + # --------------------------------------------------------- + # 1) Collects all the findings that have the same: + # (title and static_finding and dynamic_finding) + # or (CWE and static_finding and dynamic_finding) + # as the new one + # (this is "cond1") + # --------------------------------------------------------- + candidates = [] + if getattr(new_finding, "title", None): + candidates.extend(candidates_by_title.get(new_finding.title, [])) + if getattr(new_finding, "cwe", 0): + candidates.extend(candidates_by_cwe.get(new_finding.cwe, [])) + + for candidate in candidates: + if not _is_candidate_older(new_finding, candidate): + continue + if 
is_deduplication_on_engagement_mismatch(new_finding, candidate): + deduplicationLogger.debug( + "deduplication_on_engagement_mismatch, skipping dedupe.") + continue + + flag_endpoints = False + flag_line_path = False + + # --------------------------------------------------------- + # 2) If existing and new findings have endpoints: compare them all + # Else look at line+file_path + # (if new finding is not static, do not deduplicate) + # --------------------------------------------------------- + + if candidate.endpoints.count() != 0 and new_finding.endpoints.count() != 0: + list1 = [str(e) for e in new_finding.endpoints.all()] + list2 = [str(e) for e in candidate.endpoints.all()] + if all(x in list1 for x in list2): + deduplicationLogger.debug("%s: existing endpoints are present in new finding", candidate.id) + flag_endpoints = True + elif new_finding.static_finding and new_finding.file_path and len(new_finding.file_path) > 0: + if str(candidate.line) == str(new_finding.line) and candidate.file_path == new_finding.file_path: + deduplicationLogger.debug("%s: file_path and line match", candidate.id) + flag_line_path = True + else: + deduplicationLogger.debug("no endpoints on one of the findings and file_path doesn't match; Deduplication will not occur") + else: + deduplicationLogger.debug("find.static/dynamic: %s/%s", candidate.static_finding, candidate.dynamic_finding) + deduplicationLogger.debug("new_finding.static/dynamic: %s/%s", new_finding.static_finding, new_finding.dynamic_finding) + deduplicationLogger.debug("find.file_path: %s", candidate.file_path) + deduplicationLogger.debug("new_finding.file_path: %s", new_finding.file_path) + deduplicationLogger.debug("no endpoints on one of the findings and the new finding is either dynamic or doesn't have a file_path; Deduplication will not occur") + + flag_hash = candidate.hash_code == new_finding.hash_code + + deduplicationLogger.debug( + "deduplication flags for new finding (" + ("dynamic" if 
new_finding.dynamic_finding else "static") + ") " + str(new_finding.id) + " and existing finding " + str(candidate.id) + + " flag_endpoints: " + str(flag_endpoints) + " flag_line_path:" + str(flag_line_path) + " flag_hash:" + str(flag_hash)) + + if (flag_endpoints or flag_line_path) and flag_hash: + return candidate + return None + + +def _dedupe_batch_hash_code(findings): + if not findings: + return + test = findings[0].test + candidates_by_hash = find_candidates_for_deduplication_hash(test, findings) + if not candidates_by_hash: + return + for new_finding in findings: + deduplicationLogger.debug(f"deduplication start for finding {new_finding.id} with DEDUPE_ALGO_HASH_CODE") + match = match_hash_candidate(new_finding, candidates_by_hash) + if match: + try: + set_duplicate(new_finding, match) + except Exception as e: + deduplicationLogger.debug(str(e)) + + +def _dedupe_batch_unique_id(findings): + if not findings: + return + test = findings[0].test + candidates_by_uid = find_candidates_for_deduplication_unique_id(test, findings) + if not candidates_by_uid: + return + for new_finding in findings: + deduplicationLogger.debug(f"deduplication start for finding {new_finding.id} with DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL") + match = match_unique_id_candidate(new_finding, candidates_by_uid) + if match: + try: + set_duplicate(new_finding, match) + except Exception as e: + deduplicationLogger.debug(str(e)) + + +def _dedupe_batch_uid_or_hash(findings): + if not findings: + return + + test = findings[0].test + candidates_by_uid, existing_by_hash = find_candidates_for_deduplication_uid_or_hash(test, findings) + if not (candidates_by_uid or existing_by_hash): + return + for new_finding in findings: + deduplicationLogger.debug(f"deduplication start for finding {new_finding.id} with DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE") + if new_finding.duplicate: + continue + + match = match_uid_or_hash_candidate(new_finding, candidates_by_uid, existing_by_hash) + if match: + try: + 
set_duplicate(new_finding, match) + except Exception as e: + deduplicationLogger.debug(str(e)) + continue + + +def _dedupe_batch_legacy(findings): + if not findings: + return + test = findings[0].test + candidates_by_title, candidates_by_cwe = find_candidates_for_deduplication_legacy(test, findings) + if not (candidates_by_title or candidates_by_cwe): + return + for new_finding in findings: + deduplicationLogger.debug(f"deduplication start for finding {new_finding.id} with DEDUPE_ALGO_LEGACY") + match = match_legacy_candidate(new_finding, candidates_by_title, candidates_by_cwe) + if match: + try: + set_duplicate(new_finding, match) + except Exception as e: + deduplicationLogger.debug(str(e)) + + +def dedupe_batch_of_findings(findings, *args, **kwargs): + """Batch deduplicate a list of findings. The findings are assumed to be in the same test.""" + # Pro has customer implementation which will call the Pro dedupe methods, but also the normal OS dedupe methods. + from dojo.utils import get_custom_method # noqa: PLC0415 -- circular import + if batch_dedupe_method := get_custom_method("FINDING_DEDUPE_BATCH_METHOD"): + deduplicationLogger.debug(f"Using custom deduplication method: {batch_dedupe_method.__name__}") + return batch_dedupe_method(findings, *args, **kwargs) + + if not findings: + return None + + enabled = System_Settings.objects.get().enable_deduplication + + if enabled: + # sort findings by id to ensure deduplication is deterministic/reproducible + findings = sorted(findings, key=attrgetter("id")) + + test = findings[0].test + dedup_alg = test.deduplication_algorithm + + if dedup_alg == settings.DEDUPE_ALGO_HASH_CODE: + logger.debug(f"deduplicating finding batch with DEDUPE_ALGO_HASH_CODE - {len(findings)} findings") + _dedupe_batch_hash_code(findings) + elif dedup_alg == settings.DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL: + logger.debug(f"deduplicating finding batch with DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL - {len(findings)} findings") + _dedupe_batch_unique_id(findings) + 
elif dedup_alg == settings.DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE: + logger.debug(f"deduplicating finding batch with DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE - {len(findings)} findings") + _dedupe_batch_uid_or_hash(findings) + else: + logger.debug(f"deduplicating finding batch with LEGACY - {len(findings)} findings") + _dedupe_batch_legacy(findings) + else: + deduplicationLogger.debug("dedupe: skipping dedupe because it's disabled in system settings get()") + return None diff --git a/dojo/finding/helper.py b/dojo/finding/helper.py index a1c7993d30f..277609d3153 100644 --- a/dojo/finding/helper.py +++ b/dojo/finding/helper.py @@ -19,6 +19,11 @@ from dojo.decorators import dojo_async_task, dojo_model_from_id, dojo_model_to_id from dojo.endpoint.utils import save_endpoints_to_add from dojo.file_uploads.helper import delete_related_files +from dojo.finding.deduplication import ( + dedupe_batch_of_findings, + do_dedupe_finding, + get_finding_models_for_deduplication, +) from dojo.models import ( Endpoint, Endpoint_Status, @@ -37,7 +42,6 @@ from dojo.utils import ( calculate_grade, close_external_issue, - do_dedupe_finding, do_false_positive_history, get_current_user, mass_model_updater, 
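Review bot: The four `_dedupe_batch_*` helpers catch every `Exception` from `set_duplicate` and log it only at debug level, so a database or attribute error is indistinguishable from the deliberate skips that `set_duplicate` signals by raising a bare `Exception`. In a tool that tracks vulnerability state this can hide a half-updated finding: `new_finding.original_finding.remove(find)` appears to write before the recursive call, which can itself raise ahead of the two `save()` calls. I would raise a dedicated exception type for the intentional skips and log anything else with a traceback, as sketched below. The same handler change applies to `_dedupe_batch_unique_id`, `_dedupe_batch_uid_or_hash` and `_dedupe_batch_legacy`.

```python
class DedupeSkipped(Exception):
    """Raised by set_duplicate when a pair is deliberately not linked."""


def set_duplicate(new_finding, existing_finding):
    # … unchanged: debug logging of both statuses …
    if existing_finding.duplicate:
        # … unchanged: debug log of the existing finding …
        msg = "Existing finding is a duplicate"
        raise DedupeSkipped(msg)
    # … unchanged: the other three guard clauses, each raising DedupeSkipped(msg) …
    # … unchanged: field updates, flattening loop, saves …


def _dedupe_batch_hash_code(findings):
    # … unchanged: candidate lookup and loop header …
        match = match_hash_candidate(new_finding, candidates_by_hash)
        if match:
            try:
                set_duplicate(new_finding, match)
            except DedupeSkipped as e:
                deduplicationLogger.debug(str(e))
            except Exception:
                # keep the batch best-effort, but make real failures visible
                logger.exception("deduplication failed for finding %s", new_finding.id)
```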
@@ -459,6 +463,59 @@ def post_process_finding_save_internal(finding, dedupe_option=True, rules_option jira_helper.push_to_jira(finding.finding_group) +@dojo_async_task(signature=True) +@app.task +def post_process_findings_batch_signature(finding_ids, *args, dedupe_option=True, rules_option=True, product_grading_option=True, + issue_updater_option=True, push_to_jira=False, user=None, **kwargs): + return post_process_findings_batch(finding_ids, dedupe_option, rules_option, product_grading_option, + issue_updater_option, push_to_jira, user, **kwargs) + + +@dojo_async_task +@app.task +def post_process_findings_batch(finding_ids, *args, dedupe_option=True, rules_option=True, product_grading_option=True, + issue_updater_option=True, push_to_jira=False, user=None, **kwargs): + + if not finding_ids: + return + + system_settings = System_Settings.objects.get() + + # use list() to force a complete query execution and related objects to be loaded once + findings = get_finding_models_for_deduplication(finding_ids) + + if not findings: + logger.debug(f"no findings found for batch deduplication with IDs: {finding_ids}") + return + + # Batch dedupe with single queries per algorithm; fallback to per-finding for anything else + if dedupe_option and system_settings.enable_deduplication: + dedupe_batch_of_findings(findings) + + if system_settings.false_positive_history: + # Only perform false positive history if deduplication is disabled + if system_settings.enable_deduplication: + deduplicationLogger.warning("skipping false positive history because deduplication is also enabled") + else: + for finding in findings: + do_false_positive_history(finding, *args, **kwargs) + + # Non-status changing tasks + if issue_updater_option: + for finding in findings: + tool_issue_updater.async_tool_issue_update(finding) + + if product_grading_option and system_settings.enable_product_grade: + calculate_grade(findings[0].test.engagement.product) + + if push_to_jira: + for finding in findings: + if 
finding.has_jira_issue or not finding.finding_group: + jira_helper.push_to_jira(finding) + else: + jira_helper.push_to_jira(finding.finding_group) + + @receiver(pre_delete, sender=Finding) def finding_pre_delete(sender, instance, **kwargs): logger.debug("finding pre_delete: %d", instance.id) diff --git a/dojo/forms.py b/dojo/forms.py index 77bbcc57266..636ce1be9c4 100644 --- a/dojo/forms.py +++ b/dojo/forms.py @@ -3632,13 +3632,14 @@ def clean_expiration(self): if expiration < today: msg = "The expiration cannot be in the past" raise forms.ValidationError(msg) - if expiration.day == today.day: + if expiration == today: msg = "The expiration cannot be today" raise forms.ValidationError(msg) - else: - msg = "An expiration for the survey must be supplied" - raise forms.ValidationError(msg) - return expiration + return timezone.make_aware( + datetime.combine(expiration, datetime.min.time()), + ) + msg = "An expiration for the survey must be supplied" + raise forms.ValidationError(msg) class Delete_Questionnaire_Form(forms.ModelForm): diff --git a/dojo/importers/default_importer.py b/dojo/importers/default_importer.py index 188a31b6acb..63f41b8f744 100644 --- a/dojo/importers/default_importer.py +++ b/dojo/importers/default_importer.py @@ -1,5 +1,6 @@ import logging +from django.conf import settings from django.core.files.uploadedfile import TemporaryUploadedFile from django.core.serializers import serialize from django.db.models.query_utils import Q 
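Review bot: `post_process_findings_batch_signature` forwards its options positionally, but `post_process_findings_batch` declares them after `*args`, so by the visible signatures they are keyword-only there. The five option values and `user` land in `*args`, the callee falls back to its own defaults (`push_to_jira=False` among them), and the stray positionals are later handed to `do_false_positive_history(finding, *args, **kwargs)`. Forward them by name instead: `return post_process_findings_batch(finding_ids, dedupe_option=dedupe_option, rules_option=rules_option, product_grading_option=product_grading_option, issue_updater_option=issue_updater_option, push_to_jira=push_to_jira, user=user, **kwargs)`. `rules_option` and `user` are accepted but never read in the body, and the comment `# use list() to force a complete query execution` no longer matches the call to `get_finding_models_for_deduplication`; a short docstring on the task should say so.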
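Review bot: The value now returned from `clean_expiration` is midnight at the start of the selected day (`datetime.combine(expiration, datetime.min.time())`), so a survey set to expire tomorrow would stop being valid as soon as that day begins, assuming the consumer compares it with the current time. If end of day is intended use `datetime.max.time()`; otherwise a comment such as `# expires at 00:00 of the chosen date in the default timezone` would make the choice explicit. The start of `clean_expiration` is outside the hunk.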
@@ -157,10 +158,9 @@ def process_findings( parsed_findings: list[Finding], **kwargs: dict, ) -> list[Finding]: - # Progressive batching for chord execution - post_processing_task_signatures = [] - current_batch_number = 1 - max_batch_size = 1024 + # Batched post-processing (no chord): dispatch a task per 1000 findings or on final finding + batch_finding_ids: list[int] = [] + batch_max_size = getattr(settings, "IMPORT_REIMPORT_DEDUPE_BATCH_SIZE", 1000) """ Saves findings in memory that were parsed from the scan report into the database. 
@@ -237,32 +237,34 @@ def process_findings( finding = self.process_vulnerability_ids(finding) # Categorize this finding as a new one new_findings.append(finding) - # all data is already saved on the finding, we only need to trigger post processing - - # We create a signature for the post processing task so we can decide to apply it async or sync + # all data is already saved on the finding, we only need to trigger post processing in batches push_to_jira = self.push_to_jira and (not self.findings_groups_enabled or not self.group_by) - post_processing_task_signature = finding_helper.post_process_finding_save_signature( - finding, - dedupe_option=True, - rules_option=True, - product_grading_option=False, - issue_updater_option=True, - push_to_jira=push_to_jira, - ) - - post_processing_task_signatures.append(post_processing_task_signature) - - # Check if we should launch a chord (batch full or end of findings) - if we_want_async(async_user=self.user) and post_processing_task_signatures: - post_processing_task_signatures, current_batch_number, _ = self.maybe_launch_post_processing_chord( - post_processing_task_signatures, - current_batch_number, - max_batch_size, - is_final_finding, - ) - else: - # Execute task immediately for synchronous processing - post_processing_task_signature() + batch_finding_ids.append(finding.id) + + # If batch is full or we're at the end, dispatch one batched task + if len(batch_finding_ids) >= batch_max_size or is_final_finding: + finding_ids_batch = list(batch_finding_ids) + batch_finding_ids.clear() + if we_want_async(async_user=self.user): + finding_helper.post_process_findings_batch_signature( + finding_ids_batch, + dedupe_option=True, + rules_option=True, + product_grading_option=True, + issue_updater_option=True, + push_to_jira=push_to_jira, + )() + else: + finding_helper.post_process_findings_batch( + finding_ids_batch, + dedupe_option=True, + rules_option=True, + product_grading_option=True, + issue_updater_option=True, + 
push_to_jira=push_to_jira, + ) + + # No chord: tasks are dispatched immediately above per batch for (group_name, findings) in group_names_to_findings_dict.items(): finding_helper.add_findings_to_auto_group( diff --git a/dojo/importers/default_reimporter.py b/dojo/importers/default_reimporter.py index 4813d92453a..10b3ac7148a 100644 --- a/dojo/importers/default_reimporter.py +++ b/dojo/importers/default_reimporter.py @@ -183,9 +183,7 @@ def process_findings( self.unchanged_items = [] self.group_names_to_findings_dict = {} # Progressive batching for chord execution - post_processing_task_signatures = [] - current_batch_number = 1 - max_batch_size = 1024 + # No chord: we dispatch per 1000 findings or on the final finding logger.debug(f"starting reimport of {len(parsed_findings) if parsed_findings else 0} items.") logger.debug("STEP 1: looping over findings from the reimported report and trying to match them to existing findings") @@ -205,6 +203,9 @@ def process_findings( continue cleaned_findings.append(sanitized) + batch_finding_ids: list[int] = [] + batch_max_size = 1000 + for idx, unsaved_finding in enumerate(cleaned_findings): is_final = idx == len(cleaned_findings) - 1 # Some parsers provide "mitigated" field but do not set timezone (because they are probably not available in the report) 
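Review bot: The last partial batch is dispatched only when the loop body reaches this point with `is_final_finding` true, so any earlier `continue` on the final item would leave the collected IDs without post-processing, and therefore without deduplication. The loop starts outside the hunk, so whether such a path exists cannot be confirmed from here. Making the in-loop condition just `if len(batch_finding_ids) >= batch_max_size:` and adding an `if batch_finding_ids:` flush after the loop does not depend on how the loop exits. The same `or is_final` pattern is used in the `default_reimporter.py` hunk at `@@ -255,31 +256,34 @@`.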
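Review bot: `batch_max_size = 1000` is hard-coded in the reimporter, while `default_importer.py` reads `getattr(settings, "IMPORT_REIMPORT_DEDUPE_BATCH_SIZE", 1000)`, so the new `DD_IMPORT_REIMPORT_DEDUPE_BATCH_SIZE` setting has no effect on reimport despite its name. Use the same lookup here: `batch_max_size = getattr(settings, "IMPORT_REIMPORT_DEDUPE_BATCH_SIZE", 1000)`; whether `settings` is already imported in this module is not visible in the hunk. The comment `# Progressive batching for chord execution` kept in the previous hunk is also stale now that the chord is gone.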
@@ -255,31 +256,34 @@ def process_findings( finding, unsaved_finding, ) - # all data is already saved on the finding, we only need to trigger post processing - - # Execute post-processing task immediately if async, otherwise execute synchronously + # all data is already saved on the finding, we only need to trigger post processing in batches push_to_jira = self.push_to_jira and (not self.findings_groups_enabled or not self.group_by) - - post_processing_task_signature = finding_helper.post_process_finding_save_signature( - finding, - dedupe_option=True, - rules_option=True, - product_grading_option=False, - issue_updater_option=True, - push_to_jira=push_to_jira, - ) - post_processing_task_signatures.append(post_processing_task_signature) - - # Check if we should launch a chord (batch full or end of findings) - if we_want_async(async_user=self.user) and post_processing_task_signatures: - post_processing_task_signatures, current_batch_number, _ = self.maybe_launch_post_processing_chord( - post_processing_task_signatures, - current_batch_number, - max_batch_size, - is_final, - ) - else: - post_processing_task_signature() + batch_finding_ids.append(finding.id) + + # If batch is full or we're at the end, dispatch one batched task + if len(batch_finding_ids) >= batch_max_size or is_final: + finding_ids_batch = list(batch_finding_ids) + batch_finding_ids.clear() + if we_want_async(async_user=self.user): + finding_helper.post_process_findings_batch_signature( + finding_ids_batch, + dedupe_option=True, + rules_option=True, + product_grading_option=True, + issue_updater_option=True, + push_to_jira=push_to_jira, + )() + else: + finding_helper.post_process_findings_batch( + finding_ids_batch, + dedupe_option=True, + rules_option=True, + product_grading_option=True, + issue_updater_option=True, + push_to_jira=push_to_jira, + ) + + # No chord: tasks are dispatched immediately above per batch self.to_mitigate = (set(self.original_items) - set(self.reactivated_items) - 
set(self.unchanged_items)) # due to #3958 we can have duplicates inside the same report @@ -483,6 +487,10 @@ def process_matched_mitigated_finding( to cover circumstances where mitigation timestamps are different, and decide which one to honor """ + if existing_finding.fix_available != unsaved_finding.fix_available: + existing_finding.fix_available = unsaved_finding.fix_available + existing_finding.fix_version = unsaved_finding.fix_version + # if the reimported item has a mitigation time, we can compare if unsaved_finding.is_mitigated: # The new finding is already mitigated, so nothing to change on the @@ -592,6 +600,9 @@ def process_matched_active_finding( # First check that the existing finding is definitely not mitigated if not (existing_finding.mitigated and existing_finding.is_mitigated): logger.debug("Reimported item matches a finding that is currently open.") + if existing_finding.fix_available != unsaved_finding.fix_available: + existing_finding.fix_available = unsaved_finding.fix_available + existing_finding.fix_version = unsaved_finding.fix_version if unsaved_finding.is_mitigated: logger.debug("Reimported mitigated item matches a finding that is currently open, closing.") # TODO: Implement a date comparison for opened defectdojo findings before closing them by reimporting, diff --git a/dojo/jira_link/helper.py b/dojo/jira_link/helper.py index bf2b0101fed..b42d6e10f59 100644 --- a/dojo/jira_link/helper.py +++ b/dojo/jira_link/helper.py 
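Review bot: `fix_version` is copied only when `fix_available` differs, so a reimport where a fix was already known but the fixed version changed leaves the stale value on `existing_finding`. Compare both fields, e.g. `if (existing_finding.fix_available, existing_finding.fix_version) != (unsaved_finding.fix_available, unsaved_finding.fix_version):`. The identical block is repeated in `process_matched_active_finding` in the next hunk, so a small shared helper would keep the two in step. Whether the caller persists these fields afterwards is outside both hunks.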
@@ -208,7 +208,6 @@ def can_be_pushed_to_jira(obj, form=None): return False, f"Finding below the minimum JIRA severity threshold ({System_Settings.objects.get().jira_minimum_severity}).", "error_below_minimum_threshold" elif isinstance(obj, Finding_Group): finding_group_status = _safely_get_obj_status_for_jira(obj) - logger.error("Finding group status: %s", finding_group_status) if "Empty" in finding_group_status: return False, f"{to_str_typed(obj)} cannot be pushed to jira as it contains no findings above minimum treshold.", "error_empty" @@ -433,14 +432,19 @@ def has_jira_configured(obj): def connect_to_jira(jira_server, jira_username, jira_password): + max_retries = getattr(settings, "JIRA_MAX_RETRIES", 3) + timeout = getattr(settings, "JIRA_TIMEOUT", (10, 30)) + return JIRA( server=jira_server, basic_auth=(jira_username, jira_password), - max_retries=0, + max_retries=max_retries, + timeout=timeout, options={ "verify": settings.JIRA_SSL_VERIFY, "headers": settings.ADDITIONAL_HEADERS, - }) + }, + ) def get_jira_connect_method(): @@ -783,7 +787,11 @@ def push_finding_to_jira(finding, *args, **kwargs): @app.task @dojo_model_from_id(model=Finding_Group) def push_finding_group_to_jira(finding_group, *args, **kwargs): + # Look for findings that have single ticket associations separate from the group + for finding in finding_group.findings.filter(jira_issue__isnull=False): + update_jira_issue(finding, *args, **kwargs) if finding_group.has_jira_issue: + # Update the jira issue for the group return update_jira_issue(finding_group, *args, **kwargs) return add_jira_issue(finding_group, *args, **kwargs) diff --git a/dojo/management/commands/clear_celery_queue.py b/dojo/management/commands/clear_celery_queue.py new file mode 100644 index 00000000000..514d6892bfa --- /dev/null +++ b/dojo/management/commands/clear_celery_queue.py 
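Review bot: In `push_finding_group_to_jira`, the per-finding `update_jira_issue(finding, *args, **kwargs)` calls added before the group push discard their results, so a failed update of an individually linked ticket is not reflected in what the task returns. If one of those calls raises, the group issue is not updated at all. Consider wrapping each call and logging the finding id on failure before falling through to the group update, with a one-line comment stating that per-finding failures are best-effort if that is the intent. Each extra call is also a separate JIRA round trip under the new retry and timeout settings in `connect_to_jira`, which can lengthen the task noticeably for large groups.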
@@ -0,0 +1,115 @@ +import logging + +from django.core.management.base import BaseCommand + +from dojo.celery import app + +logger = logging.getLogger(__name__) + + +class Command(BaseCommand): + help = "Clear (purge) all tasks from Celery queues" + + def add_arguments(self, parser): + parser.add_argument( + "--queue", + type=str, + help="Specific queue name to clear (default: all queues)", + ) + parser.add_argument( + "--dry-run", + action="store_true", + help="Show what would be cleared without actually clearing", + ) + parser.add_argument( + "--force", + action="store_true", + help="Skip confirmation prompt (use with caution)", + ) + + def handle(self, *args, **options): + queue_name = options["queue"] + dry_run = options["dry_run"] + force = options["force"] + + # Get connection to broker + with app.connection() as conn: + # Get all queues or specific queue + if queue_name: + queues = [queue_name] + self.stdout.write(f"Targeting queue: {queue_name}") + else: + # Get all active queues from the broker + inspector = app.control.inspect() + active_queues = inspector.active_queues() + if active_queues: + # Extract unique queue names from all workers + queues = set() + for worker_queues in active_queues.values(): + queues.update(queue_info["name"] for queue_info in worker_queues) + queues = list(queues) + else: + # Fallback: try common default queue + queues = ["celery"] + self.stdout.write(f"Found {len(queues)} queue(s) to process") + + if not queues: + self.stdout.write(self.style.WARNING("No queues found to clear")) + return + + # Show what will be cleared + total_purged = 0 + for queue in queues: + try: + # Get queue length using channel + with conn.channel() as channel: + _, message_count, _ = channel.queue_declare(queue=queue, passive=True) + except Exception as e: + logger.debug(f"Could not get message count for queue {queue}: {e}") + message_count = "unknown" + + if dry_run: + self.stdout.write( + self.style.WARNING(f" Would purge {message_count} messages from 
queue: {queue}"), + ) + else: + self.stdout.write(f" Queue '{queue}': {message_count} messages") + + if dry_run: + self.stdout.write(self.style.SUCCESS("\nDry run complete. Use without --dry-run to actually purge.")) + return + + # Confirmation prompt + if not force: + self.stdout.write( + self.style.WARNING( + f"\nThis will permanently delete all messages from {len(queues)} queue(s).", + ), + ) + confirm = input("Are you sure you want to continue? (yes/no): ") + if confirm.lower() not in {"yes", "y"}: + self.stdout.write(self.style.ERROR("Operation cancelled.")) + return + + # Purge queues using direct channel purge + self.stdout.write("\nPurging queues...") + for queue in queues: + try: + with conn.channel() as channel: + purged_count = channel.queue_purge(queue=queue) + total_purged += purged_count + self.stdout.write( + self.style.SUCCESS(f" ✓ Purged {purged_count} messages from queue: {queue}"), + ) + except Exception as e: + self.stdout.write( + self.style.ERROR(f" ✗ Failed to purge queue '{queue}': {e}"), + ) + logger.error(f"Error purging queue {queue}: {e}") + + if total_purged > 0: + self.stdout.write( + self.style.SUCCESS(f"\nSuccessfully purged {total_purged} message(s) from {len(queues)} queue(s)."), + ) + else: + self.stdout.write(self.style.WARNING("\nNo messages were purged (queues may have been empty).")) diff --git a/dojo/management/commands/dedupe.py b/dojo/management/commands/dedupe.py index 90e063c975f..a8e0a538cfe 100644 --- a/dojo/management/commands/dedupe.py +++ b/dojo/management/commands/dedupe.py 
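Review bot: A successful purge is written only to stdout, and a failed one is logged but the command still exits normally, so there is no application-log record of which queues were emptied and automation cannot detect a partial failure. Log before purging, e.g. `logger.warning("Purging Celery queue %s (%s messages)", queue, message_count)`, and raise `CommandError` after the loop when any queue failed. The `if not queues:` guard can never be true because the fallback assigns `["celery"]`, and the final summary reports `len(queues)` even when some purges failed. `input()` will also raise `EOFError` when the command runs without a TTY and without `--force`, which is worth catching and treating as "cancelled".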
@@ -1,12 +1,19 @@ import logging +from django.conf import settings from django.core.management.base import BaseCommand +from django.db.models import Prefetch +from dojo.finding.deduplication import ( + dedupe_batch_of_findings, + do_dedupe_batch_task, + do_dedupe_finding, + do_dedupe_finding_task, + get_finding_models_for_deduplication, +) from dojo.models import Finding, Product from dojo.utils import ( calculate_grade, - do_dedupe_finding, - do_dedupe_finding_task, get_system_setting, mass_model_updater, ) @@ -26,11 +33,11 @@ def generate_hash_code(f): class Command(BaseCommand): """ - Updates hash codes and/or runs deduplication for findings. Hashcode calculation always runs in the foreground, dedupe by default runs in the background. - Usage: manage.py dedupe [--parser "Parser1 Scan" --parser "Parser2 Scan"...] [--hash_code_only] [--dedupe_only] [--dedupe_sync]' + Updates hash codes and/or runs deduplication for findings. Hashcode calculation always runs in the foreground, dedupe by default runs in the background in batch mode. + Usage: manage.py dedupe [--parser "Parser1 Scan" --parser "Parser2 Scan"...] [--hash_code_only] [--dedupe_only] [--dedupe_sync] [--dedupe_batch_mode]' """ - help = 'Usage: manage.py dedupe [--parser "Parser1 Scan" --parser "Parser2 Scan"...] [--hash_code_only] [--dedupe_only] [--dedupe_sync]' + help = 'Usage: manage.py dedupe [--parser "Parser1 Scan" --parser "Parser2 Scan"...] [--hash_code_only] [--dedupe_only] [--dedupe_sync] [--dedupe_batch_mode]' def add_arguments(self, parser): parser.add_argument( 
@@ -43,28 +50,45 @@ def add_arguments(self, parser): parser.add_argument("--hash_code_only", action="store_true", help="Only compute hash codes") parser.add_argument("--dedupe_only", action="store_true", help="Only run deduplication") parser.add_argument("--dedupe_sync", action="store_true", help="Run dedupe in the foreground, default false") + parser.add_argument( + "--dedupe_batch_mode", + action="store_true", + default=True, + help="Deduplicate in batches (similar to import), works with both sync and async modes (default: True)", + ) def handle(self, *args, **options): restrict_to_parsers = options["parser"] hash_code_only = options["hash_code_only"] dedupe_only = options["dedupe_only"] dedupe_sync = options["dedupe_sync"] + dedupe_batch_mode = options.get("dedupe_batch_mode", True) # Default to True (batch mode enabled) if restrict_to_parsers is not None: - findings = Finding.objects.filter(test__test_type__name__in=restrict_to_parsers) + findings = Finding.objects.filter(test__test_type__name__in=restrict_to_parsers).exclude(duplicate=True) logger.info("######## Will process only parsers %s and %d findings ########", *restrict_to_parsers, findings.count()) else: # add filter on id to make counts not slow on mysql - findings = Finding.objects.all().filter(id__gt=0) + # exclude duplicates to avoid reprocessing findings that are already marked as duplicates + findings = Finding.objects.all().filter(id__gt=0).exclude(duplicate=True) logger.info("######## Will process the full database with %d findings ########", findings.count()) + # Prefetch related objects for synchronous deduplication + findings = findings.select_related( + "test", "test__engagement", "test__engagement__product", "test__test_type", + ).prefetch_related( + "endpoints", + Prefetch( + "original_finding", + queryset=Finding.objects.only("id", "duplicate_finding_id").order_by("-id"), + ), + ) + # Phase 1: update hash_codes without deduplicating if not dedupe_only: logger.info("######## Start 
Updating Hashcodes (foreground) ########") - # only prefetch here for hash_code calculation - finds = findings.prefetch_related("endpoints", "test__test_type") - mass_model_updater(Finding, finds, generate_hash_code, fields=["hash_code"], order="asc", log_prefix="hash_code computation ") + mass_model_updater(Finding, findings, generate_hash_code, fields=["hash_code"], order="asc", log_prefix="hash_code computation ") logger.info("######## Done Updating Hashcodes########") 
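Review bot: `--dedupe_batch_mode` is declared with `action="store_true"` and `default=True`, so the option is true whether or not the flag is passed. The per-finding paths kept in `handle` (`elif dedupe_sync:` and the async `else` in the following hunk) can therefore never be reached from the command line. If the legacy path should stay selectable, use `action=argparse.BooleanOptionalAction`, which adds a `--no-dedupe_batch_mode` form; otherwise drop the flag and the dead branches. The help text `(default: True)` should then state how to turn batch mode off.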
@@ -72,17 +96,72 @@ def handle(self, *args, **options): if not hash_code_only: if get_system_setting("enable_deduplication"): logger.info("######## Start deduplicating (%s) ########", ("foreground" if dedupe_sync else "background")) - if dedupe_sync: + if dedupe_batch_mode: + self._dedupe_batch_mode(findings, dedupe_sync=dedupe_sync) + elif dedupe_sync: mass_model_updater(Finding, findings, do_dedupe_finding, fields=None, order="desc", page_size=100, log_prefix="deduplicating ") else: # async tasks only need the id mass_model_updater(Finding, findings.only("id"), lambda f: do_dedupe_finding_task(f.id), fields=None, order="desc", log_prefix="deduplicating ") - # update the grading (if enabled) - logger.debug("Updating grades for products...") - for product in Product.objects.all(): - calculate_grade(product) + if dedupe_sync: + # update the grading (if enabled) and only useful in sync mode + # in async mode the background task that grades products every hour will pick it up + logger.debug("Updating grades for products...") + for product in Product.objects.all(): + calculate_grade(product) logger.info("######## Done deduplicating (%s) ########", ("foreground" if dedupe_sync else "tasks submitted to celery")) else: logger.debug("skipping dedupe because it's disabled in system settings") + + def _dedupe_batch_mode(self, findings_queryset, *, dedupe_sync: bool = True): + """ + Deduplicate findings in batches of max 1000 per test (similar to import process). + This is more efficient than processing findings one-by-one. + Can run synchronously or asynchronously. 
+ """ + mode_str = "synchronous" if dedupe_sync else "asynchronous" + logger.info(f"######## Deduplicating in batch mode ({mode_str}) ########") + + batch_max_size = getattr(settings, "IMPORT_REIMPORT_DEDUPE_BATCH_SIZE", 1000) + total_findings = findings_queryset.count() + logger.info(f"Processing {total_findings} findings in batches of max {batch_max_size} per test ({mode_str})") + + # Group findings by test_id to process them in batches per test + test_ids = findings_queryset.values_list("test_id", flat=True).distinct() + total_tests = len(test_ids) + total_processed = 0 + + for test_id in test_ids: + # Get finding IDs for this test (exclude duplicates to avoid reprocessing) + test_finding_ids = list(findings_queryset.filter(test_id=test_id).exclude(duplicate=True).values_list("id", flat=True)) + + if not test_finding_ids: + continue + + # Process findings for this test in batches of max batch_max_size + batch_finding_ids = [] + for idx, finding_id in enumerate(test_finding_ids): + is_final_finding_for_test = idx == len(test_finding_ids) - 1 + batch_finding_ids.append(finding_id) + + # If batch is full or we're at the end of this test's findings, process the batch + if len(batch_finding_ids) >= batch_max_size or is_final_finding_for_test: + if dedupe_sync: + # Synchronous: load findings and process immediately + batch_findings = get_finding_models_for_deduplication(batch_finding_ids) + logger.debug(f"Deduplicating batch of {len(batch_findings)} findings for test {test_id}") + dedupe_batch_of_findings(batch_findings) + else: + # Asynchronous: submit task with finding IDs + logger.debug(f"Submitting async batch task for {len(batch_finding_ids)} findings for test {test_id}") + do_dedupe_batch_task(batch_finding_ids) + + total_processed += len(batch_finding_ids) + batch_finding_ids = [] + + if total_processed % (batch_max_size * 10) == 0: + logger.info(f"Processed {total_processed}/{total_findings} findings") + + logger.info(f"######## Completed batch deduplication 
for {total_processed} findings across {total_tests} tests ({mode_str}) ########") diff --git a/dojo/models.py b/dojo/models.py index 0f586dcfbb6..282a8c4d667 100644 --- a/dojo/models.py +++ b/dojo/models.py @@ -2234,6 +2234,7 @@ def deduplication_algorithm(self): @property def hash_code_fields(self): + """Retrieve OS HASH_CODE_FIELDS_PER_SCANNER settings. Be aware when calling this to make sure Pro doesn't use these OS seetings""" hashCodeFields = None if hasattr(settings, "HASHCODE_FIELDS_PER_SCANNER"): @@ -2434,6 +2435,11 @@ class Finding(models.Model): default=None, verbose_name=_("Fix Available"), help_text=_("Denotes if there is a fix available for this flaw.")) + fix_version = models.CharField(null=True, + blank=True, + max_length=100, + verbose_name=_("Fix version"), + help_text=_("Version of the affected component in which the flaw is fixed.")) impact = models.TextField(verbose_name=_("Impact"), null=True, blank=True, @@ -2911,7 +2917,7 @@ def compute_hash_code(self): # Allow Pro to overwrite compute hash_code which gets dedupe settings from a database instead of django.settings from dojo.utils import get_custom_method # noqa: PLC0415 circular import if compute_hash_code_method := get_custom_method("FINDING_COMPUTE_HASH_METHOD"): - deduplicationLogger.debug("using custom compute_hash_code method") + deduplicationLogger.debug("using custom FINDING_COMPUTE_HASH_METHOD method") return compute_hash_code_method(self) # Check if all needed settings are defined 
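Review bot: In `_dedupe_batch_mode`, `batch_max_size` comes straight from `IMPORT_REIMPORT_DEDUPE_BATCH_SIZE`, an unbounded `int` environment setting, and a value of 0 makes `total_processed % (batch_max_size * 10)` raise `ZeroDivisionError` after the first batch. In `default_importer.py` the same value would silently dispatch one task per finding. Clamp it where it is read, e.g. `batch_max_size = max(1, getattr(settings, "IMPORT_REIMPORT_DEDUPE_BATCH_SIZE", 1000))`. The progress message also fires only when the running total is an exact multiple of ten batches, which becomes rare once tests have uneven finding counts; tracking the last logged threshold would be more reliable.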
@@ -3494,15 +3500,16 @@ def violates_sla(self): def set_hash_code(self, dedupe_option): from dojo.utils import get_custom_method # noqa: PLC0415 circular import if hash_method := get_custom_method("FINDING_HASH_METHOD"): + deduplicationLogger.debug("Using custom hash method") hash_method(self, dedupe_option) # Finding.save is called once from serializers.py with dedupe_option=False because the finding is not ready yet, for example the endpoints are not built # It is then called a second time with dedupe_option defaulted to true; now we can compute the hash_code and run the deduplication elif dedupe_option: if self.hash_code is not None: - deduplicationLogger.debug("Hash_code already computed for finding") + deduplicationLogger.debug("Hash_code already computed for finding %i", self.id) else: self.hash_code = self.compute_hash_code() - deduplicationLogger.debug("Hash_code computed for finding: %s", self.hash_code) + deduplicationLogger.debug("Hash_code computed for finding %i: %s", self.id, self.hash_code) class FindingAdmin(admin.ModelAdmin): @@ -4685,11 +4692,15 @@ def __str__(self): return self.survey.name +def default_expiration(): + return timezone.now() + timedelta(days=7) + + class General_Survey(models.Model): survey = models.ForeignKey(Engagement_Survey, on_delete=models.CASCADE) num_responses = models.IntegerField(default=0) generated = models.DateTimeField(auto_now_add=True, null=True) - expiration = models.DateTimeField(null=False, blank=False) + expiration = models.DateTimeField(default=default_expiration) class Meta: verbose_name = _("General Engagement Survey") @@ -4698,6 +4709,10 @@ class Meta: def __str__(self): return self.survey.name + def clean(self): + if self.expiration and timezone.is_naive(self.expiration): + self.expiration = timezone.make_aware(self.expiration) + with warnings.catch_warnings(action="ignore", category=ManagerInheritanceWarning): class Answer(PolymorphicModel, TimeStampedModel): 
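Review bot: The new debug messages in `set_hash_code` format `self.id` with `%i`, which cannot format `None`; for a finding without a primary key, logging emits a formatting traceback on stderr instead of the message. Whether `set_hash_code` can run before the first save is not visible in this hunk, so `%s` is the safer placeholder: `deduplicationLogger.debug("Hash_code computed for finding %s: %s", self.id, self.hash_code)`, and likewise for the "already computed" message.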
diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py index 57c18e6ea56..f13696c586b 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings.dist.py @@ -115,6 +115,7 @@ DD_SOCIAL_AUTH_CREATE_USER=(bool, True), # if True creates user at first login DD_SOCIAL_AUTH_CREATE_USER_MAPPING=(str, "username"), # could also be email or fullname DD_SOCIAL_LOGIN_AUTO_REDIRECT=(bool, False), # auto-redirect if there is only one social login method + DD_SOCIAL_AUTH_REDIRECT_IS_HTTPS=(bool, False), # If true, the redirect after login will use the HTTPS protocol DD_SOCIAL_AUTH_TRAILING_SLASH=(bool, True), DD_SOCIAL_AUTH_OIDC_AUTH_ENABLED=(bool, False), DD_SOCIAL_AUTH_OIDC_OIDC_ENDPOINT=(str, ""), 
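Review bot: The comment on `DD_SOCIAL_AUTH_REDIRECT_IS_HTTPS` does not tell an operator when the setting is needed. With the default `False`, a deployment that terminates TLS at a reverse proxy can end up building `http://` redirect URIs for social login unless the forwarded-protocol headers are honoured. A comment such as `# set to True when TLS is terminated in front of DefectDojo so social-auth builds https:// redirect URIs` would make that explicit.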
@@ -249,6 +250,16 @@ # When interacting with jira tickets that attached finding groups, we should no be opening any findings # on the DefectDojo side because jira has no way of knowing if a finding really should be reopened or not DD_JIRA_WEBHOOK_ALLOW_FINDING_GROUP_REOPEN=(bool, False), + # JIRA connection retry and timeout settings: https://developer.atlassian.com/cloud/jira/platform/rate-limiting/ + # Maximum number of retry attempts for recoverable errors (429, 503, ConnectionError) + # See https://jira.readthedocs.io/ for more in the jira library used by DefectDojo + # Note: The jira library has a built-in maximum wait time of 60s for rate limiting retries. + # If JIRA's Retry-After header indicates a wait time longer than 60s, the request will fail and not be retried. + DD_JIRA_MAX_RETRIES=(int, 3), + # Connection timeout (seconds) for establishing a connection to the JIRA server + DD_JIRA_CONNECT_TIMEOUT=(int, 10), + # Read timeout (seconds) for waiting for a response from the JIRA server + DD_JIRA_READ_TIMEOUT=(int, 30), # You can set extra Jira issue types via a simple env var that supports a csv format, like "Work Item,Vulnerability" DD_JIRA_EXTRA_ISSUE_TYPES=(str, ""), # if you want to keep logging to the console but in json format, change this here to 'json_console' @@ -273,6 +284,8 @@ DD_EDITABLE_MITIGATED_DATA=(bool, False), # new feature that tracks history across multiple reimports for the same test DD_TRACK_IMPORT_HISTORY=(bool, True), + # Batch size for import/reimport deduplication processing + DD_IMPORT_REIMPORT_DEDUPE_BATCH_SIZE=(int, 1000), # Delete Auditlogs older than x month; -1 to keep all logs DD_AUDITLOG_FLUSH_RETENTION_PERIOD=(int, -1), # Batch size for flushing audit logs per task run 
@@ -582,6 +595,7 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param # Showing login form (form is not needed for external auth: OKTA, Google Auth, etc.) SHOW_LOGIN_FORM = env("DD_SOCIAL_AUTH_SHOW_LOGIN_FORM") SOCIAL_LOGIN_AUTO_REDIRECT = env("DD_SOCIAL_LOGIN_AUTO_REDIRECT") +SOCIAL_AUTH_REDIRECT_IS_HTTPS = env("DD_SOCIAL_AUTH_REDIRECT_IS_HTTPS") SOCIAL_AUTH_CREATE_USER = env("DD_SOCIAL_AUTH_CREATE_USER") SOCIAL_AUTH_CREATE_USER_MAPPING = env("DD_SOCIAL_AUTH_CREATE_USER_MAPPING") @@ -1410,6 +1424,8 @@ def saml2_attrib_map_format(din): "Cycognito Scan": ["title", "severity"], "OpenVAS Parser v2": ["title", "severity", "vuln_id_from_tool", "endpoints"], "Snyk Issue API Scan": ["vuln_id_from_tool", "file_path"], + "OpenReports": ["vulnerability_ids", "component_name", "component_version", "severity"], + "n0s1 Scanner": ["description"], } # Override the hardcoded settings here via the env var @@ -1482,6 +1498,7 @@ def saml2_attrib_map_format(din): "AWS Inspector2 Scan": True, "Cyberwatch scan (Galeax)": True, "OpenVAS Parser v2": True, + "OpenReports": True, } # List of fields that are known to be usable in hash_code computation) @@ -1672,6 +1689,7 @@ def saml2_attrib_map_format(din): "Cyberwatch scan (Galeax)": DEDUPE_ALGO_HASH_CODE, "OpenVAS Parser v2": DEDUPE_ALGO_HASH_CODE, "Snyk Issue API Scan": DEDUPE_ALGO_HASH_CODE, + "OpenReports": DEDUPE_ALGO_HASH_CODE, } # Override the hardcoded settings here via the env var @@ -1693,6 +1711,7 @@ def saml2_attrib_map_format(din): DISABLE_FINDING_MERGE = env("DD_DISABLE_FINDING_MERGE") TRACK_IMPORT_HISTORY = env("DD_TRACK_IMPORT_HISTORY") +IMPORT_REIMPORT_DEDUPE_BATCH_SIZE = env("DD_IMPORT_REIMPORT_DEDUPE_BATCH_SIZE") # ------------------------------------------------------------------------------ # JIRA 
@@ -1714,6 +1733,12 @@ def saml2_attrib_map_format(din): JIRA_SSL_VERIFY = env("DD_JIRA_SSL_VERIFY") JIRA_DESCRIPTION_MAX_LENGTH = env("DD_JIRA_DESCRIPTION_MAX_LENGTH") JIRA_WEBHOOK_ALLOW_FINDING_GROUP_REOPEN = env("DD_JIRA_WEBHOOK_ALLOW_FINDING_GROUP_REOPEN") +# JIRA connection retry and timeout settings +JIRA_MAX_RETRIES = env("DD_JIRA_MAX_RETRIES") +JIRA_CONNECT_TIMEOUT = env("DD_JIRA_CONNECT_TIMEOUT") +JIRA_READ_TIMEOUT = env("DD_JIRA_READ_TIMEOUT") +# Combine timeouts into a tuple for the JIRA library: (connect_timeout, read_timeout) +JIRA_TIMEOUT = (JIRA_CONNECT_TIMEOUT, JIRA_READ_TIMEOUT) # ------------------------------------------------------------------------------ # LOGGING diff --git a/dojo/templates/dojo/view_finding.html b/dojo/templates/dojo/view_finding.html index c8f79b63b25..2626130ed07 100755 --- a/dojo/templates/dojo/view_finding.html +++ b/dojo/templates/dojo/view_finding.html @@ -554,6 +554,12 @@

{% if finding.component_version %} Component Version {% endif %} + {% if finding.fix_available %} + Fix Available + {% endif %} + {% if finding.fix_version %} + Fixed Version + {% endif %} {% if finding.has_jira_configured or finding.jira_issue %} JIRA JIRA Change @@ -611,6 +617,20 @@

{% endif %} + {% if finding.fix_available %} + + + {{ finding.fix_available }} + + + {% endif %} + {% if finding.fix_version %} + + + {{ finding.fix_version }} + + + {% endif %} {% if finding.has_jira_configured or finding.has_jira_issue or finding.has_jira_group_issue %} {% if finding.has_jira_group_issue %} diff --git a/dojo/test/views.py b/dojo/test/views.py index 4249ff7a270..5db820d6c3a 100644 --- a/dojo/test/views.py +++ b/dojo/test/views.py @@ -607,7 +607,6 @@ def process_forms(self, request: HttpRequest, test: Test, context: dict): # Note: this notification has not be moved to "@receiver(post_save, sender=Finding)" method as many other notifications # Because it could generate too much noise, we keep it here only for findings created by hand in WebUI - # TODO: but same should be implemented for API endpoint # Create a notification create_notification( diff --git a/dojo/tools/anchore_grype/parser.py b/dojo/tools/anchore_grype/parser.py index 2cf89b87f44..34b55b738a9 100644 --- a/dojo/tools/anchore_grype/parser.py +++ b/dojo/tools/anchore_grype/parser.py @@ -121,11 +121,16 @@ def get_findings(self, file, test): finding_description += f"\n**Package URL:** {artifact_purl}" finding_mitigation = None + fix_available = False + fix_version = None if vuln_fix_versions: + fix_available = True finding_mitigation = "Upgrade to version:" if len(vuln_fix_versions) == 1: finding_mitigation += f" {vuln_fix_versions[0]}" + fix_version = vuln_fix_versions[0] else: + fix_version = ", ".join(vuln_fix_versions) for fix_version in vuln_fix_versions: finding_mitigation += f"\n- {fix_version}" @@ -200,6 +205,8 @@ def get_findings(self, file, test): dynamic_finding=False, nb_occurences=1, file_path=file_path, + fix_available=fix_available, + fix_version=fix_version, ) dupes[dupe_key].unsaved_vulnerability_ids = vulnerability_ids diff --git a/dojo/tools/n0s1/__init__.py b/dojo/tools/n0s1/__init__.py new file mode 100644 index 00000000000..e69de29bb2d 
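Review bot: In the multi-version branch of the anchore_grype parser, the loop `for fix_version in vuln_fix_versions:` rebinds `fix_version`, so the comma-joined string assigned on the line before is overwritten and the finding is created with only the last entry of the list. Rename the loop variable, `for version in vuln_fix_versions:` with `finding_mitigation += f"\n- {version}"`, so that `fix_version` keeps the joined value passed to `Finding(...)` in the second hunk. `get_findings` starts and ends outside both hunks.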
diff --git a/dojo/tools/n0s1/parser.py b/dojo/tools/n0s1/parser.py
new file mode 100644
index 00000000000..bbfc60422e2
--- /dev/null
+++ b/dojo/tools/n0s1/parser.py
@@ -0,0 +1,86 @@
+
+import json
+
+from dojo.models import Finding
+from dojo.tools.parser_test import ParserTest
+
+
+class N0s1Parser:
+ def get_scan_types(self):
+ return ["n0s1 Scanner"]
+
+ def get_label_for_scan_types(self, scan_type):
+ return scan_type
+
+ def get_description_for_scan_types(self, scan_type):
+ return "JSON output from the n0s1 scanner."
+
+ def get_tests(self, scan_type, handle):
+ data = json.load(handle)
+ subscanner = self.detect_subscanner(data)
+ test = ParserTest(
+ name=subscanner,
+ parser_type=subscanner,
+ version=data.get("tool", {}).get("version", ""),
+ description=f"Scan from {subscanner}",
+ )
+ test.findings = self.get_findings_from_data(data)
+ return [test]
+
+ def get_findings(self, scan_file, test):
+ data = json.load(scan_file)
+ return self.get_findings_from_data(data)
+
+ def detect_subscanner(self, data):
+ platforms = {f.get("details", {}).get("platform", "") for f in data.get("findings", {}).values()}
+ if "Confluence" in platforms:
+ return "n0s1 Confluence"
+ if "GitHub" in platforms:
+ return "n0s1 GitHub"
+ if "GitLab" in platforms:
+ return "n0s1 GitLab"
+ return "n0s1"
+
+ def get_findings_from_data(self, data):
+ dupes = {}
+ regex_configs = {}
+ if "regex_config" in data and "rules" in data["regex_config"]:
+ for rule in data["regex_config"]["rules"]:
+ regex_configs[rule["id"]] = rule
+ for finding_id, finding_data in data.get("findings", {}).items():
+ details = finding_data.get("details", {})
+ regex_ref = details.get("matched_regex_config", {})
+ regex_id = regex_ref.get("id")
+ regex_info = regex_configs.get(regex_id, {})
+ merged_regex = {
+ "id": regex_id,
+ "description": regex_ref.get("description", regex_info.get("description", "N/A")),
+ "regex": regex_ref.get("regex", regex_info.get("regex", "N/A")),
+ "keywords": regex_info.get("keywords", []),
+ "tags": regex_info.get("tags", []),
+ }
+ title = merged_regex["id"] or "n0s1 Finding"
+ description = f"**URL:** {finding_data.get('url', 'N/A')}\n"
+ description += f"**Secret:** {finding_data.get('secret', 'N/A')}\n" + description += f"**Platform:** {details.get('platform', 'N/A')}\n" + description += f"**Ticket Field:** {details.get('ticket_field', 'N/A')}\n" + description += f"**Regex ID:** {merged_regex['id']}\n" + description += f"**Regex Description:** {merged_regex['description']}\n" + description += f"**Regex Pattern:** {merged_regex['regex']}\n" + if merged_regex["keywords"]: + description += f"**Keywords:** {', '.join(merged_regex['keywords'])}\n" + if merged_regex["tags"]: + description += f"**Tags:** {', '.join(merged_regex['tags'])}\n" + dupe_key = finding_data.get("id", finding_id) + if dupe_key in dupes: + continue + finding = Finding( + title=title, + description=description, + severity="High", + dynamic_finding=True, + static_finding=False, + unique_id_from_tool=dupe_key, + ) + dupes[dupe_key] = finding + return list(dupes.values()) diff --git a/dojo/tools/nexpose/parser.py b/dojo/tools/nexpose/parser.py index 9c03ba8f277..d2a9b28541c 100644 --- a/dojo/tools/nexpose/parser.py +++ b/dojo/tools/nexpose/parser.py @@ -63,7 +63,7 @@ def parse_html_type(self, node): ret += "
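Review bot: The description built in `get_findings_from_data` embeds the matched secret verbatim (`**Secret:** {finding_data.get('secret', 'N/A')}`), so every imported credential is stored in cleartext in the finding and travels wherever the description is copied. The settings hunk also makes `description` the hash-code input for this scan type. Consider storing a masked form, e.g. `secret = finding_data.get('secret') or ''` followed by `masked = f"{secret[:4]}***" if secret else "N/A"`, and leaving the full value in the source system named by `url`. Separately, `regex_configs[rule["id"]] = rule` raises `KeyError` on a rule without an `id`, which aborts the whole import; reading it with `rule.get("id")` and skipping rules that lack one would be safer.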
  • " + str(node.text).strip() + "
  • " if tag == "orderedlist": i = 1 - for item in list(node): + for i, item in enumerate(node): ret += ( "
      " + str(i) @@ -71,7 +71,6 @@ def parse_html_type(self, node): + self.parse_html_type(item) + "
    " ) - i += 1 if tag == "paragraph": if len(list(node)) > 0: for child in list(node): diff --git a/dojo/tools/openreports/__init__.py b/dojo/tools/openreports/__init__.py new file mode 100644 index 00000000000..e69de29bb2d diff --git a/dojo/tools/openreports/parser.py b/dojo/tools/openreports/parser.py new file mode 100644 index 00000000000..e222676fcea --- /dev/null +++ b/dojo/tools/openreports/parser.py 
@@ -0,0 +1,285 @@ +"""Parser for OpenReports (https://github.com/openreports/reports-api) vulnerability scan reports""" + +import json +import logging + +from dojo.models import Finding +from dojo.tools.parser_test import ParserTest + +logger = logging.getLogger(__name__) + + +OPENREPORTS_SEVERITIES = { + "critical": "Critical", + "high": "High", + "medium": "Medium", + "low": "Low", + "info": "Info", +} + +DESCRIPTION_TEMPLATE = """{message} + +**Category:** {category} +**Policy:** {policy} +**Result:** {result} +**Source:** {source} +**Package Name:** {pkg_name} +**Installed Version:** {installed_version} +**Primary URL:** {primary_url} +""" + + +class OpenreportsParser: + def get_scan_types(self): + return ["OpenReports"] + + def get_label_for_scan_types(self, scan_type): + return "OpenReports" + + def get_description_for_scan_types(self, scan_type): + return "Import OpenReports JSON report." + + def get_findings(self, scan_file, test): + scan_data = scan_file.read() + + try: + data = json.loads(str(scan_data, "utf-8")) + except Exception: + data = json.loads(scan_data) + + if data is None: + return [] + + findings = [] + + # Handle both single report and list of reports + reports = [] + if isinstance(data, dict): + # Check if it's a Kubernetes List object + if data.get("kind") == "List" and "items" in data: + reports = data["items"] + # Check if it's a single Report object + elif data.get("kind") == "Report": + reports = [data] + elif isinstance(data, list): + reports = data + + for report in reports: + if not isinstance(report, dict) or report.get("kind") != "Report": + continue + + findings.extend(self._parse_report(test, report)) + + return findings + + def get_tests(self, scan_type, handle): + try: + data = json.load(handle) + except Exception: + handle.seek(0) + scan_data = handle.read() + try: + data = json.loads(str(scan_data, "utf-8")) + except Exception: + data = json.loads(scan_data) + + if data is None: + return [] + + # Handle both single report and 
list of reports + reports = [] + if isinstance(data, dict): + if data.get("kind") == "List" and "items" in data: + reports = data["items"] + elif data.get("kind") == "Report": + reports = [data] + elif isinstance(data, list): + reports = data + + # Find all unique sources across all reports + sources_found = set() + for report in reports: + if not isinstance(report, dict) or report.get("kind") != "Report": + continue + for result in report.get("results", []): + source = result.get("source", "OpenReports") + sources_found.add(source) + + # Create a ParserTest for each source + tests = [] + for source in sorted(sources_found): + test = ParserTest( + name=source, + parser_type=source, + version=None, + ) + test.findings = [] + + # Parse all reports and filter findings by source + for report in reports: + if not isinstance(report, dict) or report.get("kind") != "Report": + continue + + findings = self._parse_report_for_source(test, report, source) + test.findings.extend(findings) + + tests.append(test) + + return tests + + def _parse_report(self, test, report): + findings = [] + + # Extract metadata + metadata = report.get("metadata", {}) + report_name = metadata.get("name", "") + namespace = metadata.get("namespace", "") + report_uid = metadata.get("uid", "") + + # Extract scope information + scope = report.get("scope", {}) + scope_kind = scope.get("kind", "") + scope_name = scope.get("name", "") + + # Create service identifier from scope and metadata + service_name = f"{namespace}/{scope_kind}/{scope_name}" if namespace else f"{scope_kind}/{scope_name}" + + # Extract results + results = report.get("results", []) + + for result in results: + if not isinstance(result, dict): + continue + + finding = self._create_finding_from_result(test, result, service_name, report_name, report_uid) + if finding: + findings.append(finding) + + return findings + + def _parse_report_for_source(self, test, report, source_filter): + findings = [] + + # Extract metadata + metadata = 
report.get("metadata", {}) + report_name = metadata.get("name", "") + namespace = metadata.get("namespace", "") + report_uid = metadata.get("uid", "") + + # Extract scope information + scope = report.get("scope", {}) + scope_kind = scope.get("kind", "") + scope_name = scope.get("name", "") + + # Create service identifier from scope and metadata + service_name = f"{namespace}/{scope_kind}/{scope_name}" if namespace else f"{scope_kind}/{scope_name}" + + # Extract results + results = report.get("results", []) + + for result in results: + if not isinstance(result, dict): + continue + + # Filter by source + result_source = result.get("source", "OpenReports") + if result_source != source_filter: + continue + + finding = self._create_finding_from_result(None, result, service_name, report_name, report_uid) + if finding: + findings.append(finding) + + return findings + + def _create_finding_from_result(self, test, result, service_name, report_name, report_uid): + try: + # Extract basic fields + message = result.get("message", "") + category = result.get("category", "") + policy = result.get("policy", "") + result_status = result.get("result", "") + severity = result.get("severity", "info").lower() + source = result.get("source", "") + + # Extract properties + properties = result.get("properties", {}) + pkg_name = properties.get("pkgName", "") + installed_version = properties.get("installedVersion", "") + fixed_version = properties.get("fixedVersion", "") + primary_url = properties.get("primaryURL", "") + + # Convert severity to DefectDojo format + severity_normalized = OPENREPORTS_SEVERITIES.get(severity, "Info") + + # Create title + title = f"{policy} in {pkg_name}" if policy.startswith("CVE-") else f"{policy}: {message}" + + # Create description + description = DESCRIPTION_TEMPLATE.format( + message=message, + category=category, + policy=policy, + result=result_status, + source=source, + pkg_name=pkg_name, + installed_version=installed_version, + primary_url=primary_url, 
+ ) + + # Determine if fix is available + fix_available = bool(fixed_version and fixed_version.strip()) + + # Set mitigation based on fixed version + mitigation = f"Upgrade to version: {fixed_version}" if fixed_version else "" + + # Set references + references = primary_url or "" + + # Determine active status based on result + active = result_status not in {"skip", "pass"} + verified = result_status in {"fail", "warn"} + + # Create finding + finding = Finding( + test=test, + title=title, + description=description, + severity=severity_normalized, + references=references, + mitigation=mitigation, + component_name=pkg_name, + component_version=installed_version, + service=service_name, + active=active, + verified=verified, + static_finding=True, + dynamic_finding=False, + fix_available=fix_available, + fix_version=fixed_version or None, + ) + + # Create tags + tags = [category, source] + scope_kind = service_name.split("/")[1] if "/" in service_name else "" + if scope_kind: + tags.append(scope_kind) + + # Set unsaved_tags attribute + finding.unsaved_tags = tags + + # Add vulnerability ID if it's a CVE + if policy.startswith("CVE-"): + finding.unsaved_vulnerability_ids = [policy] + + # Set vuln_id_from_tool to policy field for display + finding.vuln_id_from_tool = policy + + return finding # noqa: TRY300 - This is intentional + + except KeyError as exc: + logger.warning("Failed to parse OpenReports result due to missing key: %r", exc) + return None + except Exception as exc: + logger.warning("Failed to parse OpenReports result: %r", exc) + return None diff --git a/dojo/tools/zora/__init__.py b/dojo/tools/zora/__init__.py new file mode 100644 index 00000000000..3ad798a42b3 --- /dev/null +++ b/dojo/tools/zora/__init__.py @@ -0,0 +1 @@ +__author__ = "manuel-sommer" diff --git a/dojo/tools/zora/parser.py b/dojo/tools/zora/parser.py new file mode 100644 index 00000000000..4768a79263c --- /dev/null +++ b/dojo/tools/zora/parser.py 
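Review bot: `_create_finding_from_result` wraps its whole body in `except Exception` and returns `None`, so a result with `"severity": null` or `"policy": null` fails on `.lower()` / `.startswith()` and the vulnerability is dropped from the import with only a warning in the log. Normalise the inputs instead, `severity = str(result.get("severity") or "info").lower()` and `policy = result.get("policy") or ""`, and keep the broad handler for what is truly unexpected. The `except KeyError` branch looks unreachable, since every lookup uses `.get()`. `_parse_report` and `_parse_report_for_source` differ only in the source filter and the `test` argument, so they could be one method with an optional filter.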
@@ -0,0 +1,70 @@
+
+import csv
+import io
+
+from dojo.models import Finding, Test
+
+
+class ZoraParser:
+
+ """Parser for Zora combined CSV export."""
+
+ def get_scan_types(self):
+ return ["Zora Parser"]
+
+ def get_label_for_scan_types(self, scan_type):
+ return "Zora Parser"
+
+ def get_description_for_scan_types(self, scan_type):
+ return "Zora Parser scan results in csv file format."
+
+ def get_findings(self, content, test: Test) -> list[Finding]:
+ findings = []
+ if hasattr(content, "read"):
+ content = content.read()
+ if isinstance(content, bytes):
+ content = content.decode("utf-8")
+ csv_reader = csv.DictReader(io.StringIO(content), delimiter=",", quotechar='"')
+ for row in csv_reader:
+ title = row.get("title")
+ raw_severity = (row.get("severity") or "").strip().lower()
+ severity_map = {
+ "info": "Info",
+ "informational": "Info",
+ "low": "Low",
+ "medium": "Medium",
+ "med": "Medium",
+ "high": "High",
+ "critical": "Critical",
+ "crit": "Critical",
+ }
+ severity = severity_map.get(raw_severity, "Info")
+ description = f"**Source**: {row.get('source')}\n"
+ description += f"**Image**: {row.get('image')}\n"
+ description += f"**ID**: {row.get('id')}\n"
+ description += f"**Details**: {row.get('description')}\n"
+ mitigation = row.get("description", "")
+ unique_id = f"{row.get('source')}-{row.get('image')}-{row.get('id')}"
+ status = row.get("status", "").upper()
+ is_mitigated = status in {"PASS", "OK", "FIXED"}
+ finding = Finding(
+ title=title,
+ description=description,
+ severity=severity,
+ mitigation=mitigation,
+ static_finding=False,
+ dynamic_finding=True,
+ unique_id_from_tool=unique_id,
+ test=test,
+ is_mitigated=is_mitigated,
+ )
+ if row.get("fixVersion"):
+ finding.fix_available = True
+ finding.fix_version = row.get("fixVersion")
+ else:
+ finding.fix_available = False
+ vuln_id = row.get("id")
+ if vuln_id:
+ finding.unsaved_vulnerability_ids = [vuln_id]
+ findings.append(finding)
+ return findings
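Review bot: Rows whose status is `PASS`, `OK` or `FIXED` are created with `is_mitigated=True` but `active` is never set, so unless `Finding` defaults it otherwise (not visible here) passed checks are imported as active findings. Pass `active=not is_mitigated` to the constructor. `row.get("status", "").upper()` also raises `AttributeError` when the column exists but a short row leaves it `None`; `(row.get("status") or "").upper()` matches how `severity` is read a few lines up. `mitigation` is filled from the `description` column, which looks unintended.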
diff --git a/dojo/utils.py b/dojo/utils.py index fc676e8d2cf..a00ba7b48f1 100644 --- a/dojo/utils.py +++ b/dojo/utils.py @@ -16,7 +16,6 @@ import bleach import crum import cvss -import hyperlink import vobject from asteval import Interpreter from auditlog.models import LogEntry 
@@ -237,353 +236,6 @@ def match_finding_to_existing_findings(finding, product=None, engagement=None, t return None -# true if both findings are on an engagement that have a different "deduplication on engagement" configuration -def is_deduplication_on_engagement_mismatch(new_finding, to_duplicate_finding): - return not new_finding.test.engagement.deduplication_on_engagement and to_duplicate_finding.test.engagement.deduplication_on_engagement - - -def get_endpoints_as_url(finding): - return [hyperlink.parse(str(e)) for e in finding.endpoints.all()] - - -def are_urls_equal(url1, url2, fields): - # Possible values are: scheme, host, port, path, query, fragment, userinfo, and user. - # For a details description see https://hyperlink.readthedocs.io/en/latest/api.html#attributes - deduplicationLogger.debug("Check if url %s and url %s are equal in terms of %s.", url1, url2, fields) - for field in fields: - if field == "scheme": - if url1.scheme != url2.scheme: - return False - elif field == "host": - if url1.host != url2.host: - return False - elif field == "port": - if url1.port != url2.port: - return False - elif field == "path": - if url1.path != url2.path: - return False - elif field == "query": - if url1.query != url2.query: - return False - elif field == "fragment": - if url1.fragment != url2.fragment: - return False - elif field == "userinfo": - if url1.userinfo != url2.userinfo: - return False - elif field == "user": - if url1.user != url2.user: - return False - else: - logger.warning("Field " + field + " is not supported by the endpoint dedupe algorithm, ignoring it.") - return True - - -def are_endpoints_duplicates(new_finding, to_duplicate_finding): - fields = settings.DEDUPE_ALGO_ENDPOINT_FIELDS - # shortcut if fields list is empty/feature is disabled - if len(fields) == 0: - deduplicationLogger.debug("deduplication by endpoint fields is disabled") - return True - - list1 = get_endpoints_as_url(new_finding) - list2 = get_endpoints_as_url(to_duplicate_finding) 
- - deduplicationLogger.debug(f"Starting deduplication by endpoint fields for finding {new_finding.id} with urls {list1} and finding {to_duplicate_finding.id} with urls {list2}") - if list1 == [] and list2 == []: - return True - - for l1 in list1: - for l2 in list2: - if are_urls_equal(l1, l2, fields): - return True - return False - - -@dojo_model_to_id -@dojo_async_task -@app.task -@dojo_model_from_id -def do_dedupe_finding_task(new_finding, *args, **kwargs): - return do_dedupe_finding(new_finding, *args, **kwargs) - - -def do_dedupe_finding(new_finding, *args, **kwargs): - if dedupe_method := get_custom_method("FINDING_DEDUPE_METHOD"): - return dedupe_method(new_finding, *args, **kwargs) - - try: - enabled = System_Settings.objects.get(no_cache=True).enable_deduplication - except System_Settings.DoesNotExist: - logger.warning("system settings not found") - enabled = False - if enabled: - deduplicationLogger.debug("dedupe for: " + str(new_finding.id) - + ":" + str(new_finding.title)) - deduplicationAlgorithm = new_finding.test.deduplication_algorithm - deduplicationLogger.debug("deduplication algorithm: " + deduplicationAlgorithm) - if deduplicationAlgorithm == settings.DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL: - deduplicate_unique_id_from_tool(new_finding) - elif deduplicationAlgorithm == settings.DEDUPE_ALGO_HASH_CODE: - deduplicate_hash_code(new_finding) - elif deduplicationAlgorithm == settings.DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE: - deduplicate_uid_or_hash_code(new_finding) - else: - deduplicationLogger.debug("no configuration per parser found; using legacy algorithm") - deduplicate_legacy(new_finding) - else: - deduplicationLogger.debug("dedupe: skipping dedupe because it's disabled in system settings get()") - return None - - -def deduplicate_legacy(new_finding): - # --------------------------------------------------------- - # 1) Collects all the findings that have the same: - # (title and static_finding and dynamic_finding) - # or (CWE and static_finding 
and dynamic_finding) - # as the new one - # (this is "cond1") - # --------------------------------------------------------- - if new_finding.test.engagement.deduplication_on_engagement: - eng_findings_cwe = Finding.objects.filter( - test__engagement=new_finding.test.engagement, - cwe=new_finding.cwe).exclude(id=new_finding.id).exclude(cwe=0).exclude(duplicate=True).values("id") - eng_findings_title = Finding.objects.filter( - test__engagement=new_finding.test.engagement, - title=new_finding.title).exclude(id=new_finding.id).exclude(duplicate=True).values("id") - else: - eng_findings_cwe = Finding.objects.filter( - test__engagement__product=new_finding.test.engagement.product, - cwe=new_finding.cwe).exclude(id=new_finding.id).exclude(cwe=0).exclude(duplicate=True).values("id") - eng_findings_title = Finding.objects.filter( - test__engagement__product=new_finding.test.engagement.product, - title=new_finding.title).exclude(id=new_finding.id).exclude(duplicate=True).values("id") - - total_findings = Finding.objects.filter(Q(id__in=eng_findings_cwe) | Q(id__in=eng_findings_title)).prefetch_related("endpoints", "test", "test__engagement", "found_by", "original_finding", "test__test_type") - deduplicationLogger.debug("Found " - + str(len(eng_findings_cwe)) + " findings with same cwe, " - + str(len(eng_findings_title)) + " findings with same title: " - + str(len(total_findings)) + " findings with either same title or same cwe") - - # total_findings = total_findings.order_by('date') - for find in total_findings.order_by("id"): - flag_endpoints = False - flag_line_path = False - flag_hash = False - if is_deduplication_on_engagement_mismatch(new_finding, find): - deduplicationLogger.debug( - "deduplication_on_engagement_mismatch, skipping dedupe.") - continue - - # --------------------------------------------------------- - # 2) If existing and new findings have endpoints: compare them all - # Else look at line+file_path - # (if new finding is not static, do not deduplicate) 
- # --------------------------------------------------------- - - if find.endpoints.count() != 0 and new_finding.endpoints.count() != 0: - list1 = [str(e) for e in new_finding.endpoints.all()] - list2 = [str(e) for e in find.endpoints.all()] - - if all(x in list1 for x in list2): - deduplicationLogger.debug("%s: existing endpoints are present in new finding", find.id) - flag_endpoints = True - elif new_finding.static_finding and new_finding.file_path and len(new_finding.file_path) > 0: - if str(find.line) == str(new_finding.line) and find.file_path == new_finding.file_path: - deduplicationLogger.debug("%s: file_path and line match", find.id) - flag_line_path = True - else: - deduplicationLogger.debug("no endpoints on one of the findings and file_path doesn't match; Deduplication will not occur") - else: - deduplicationLogger.debug("find.static/dynamic: %s/%s", find.static_finding, find.dynamic_finding) - deduplicationLogger.debug("new_finding.static/dynamic: %s/%s", new_finding.static_finding, new_finding.dynamic_finding) - deduplicationLogger.debug("find.file_path: %s", find.file_path) - deduplicationLogger.debug("new_finding.file_path: %s", new_finding.file_path) - - deduplicationLogger.debug("no endpoints on one of the findings and the new finding is either dynamic or doesn't have a file_path; Deduplication will not occur") - - if find.hash_code == new_finding.hash_code: - flag_hash = True - - deduplicationLogger.debug( - "deduplication flags for new finding (" + ("dynamic" if new_finding.dynamic_finding else "static") + ") " + str(new_finding.id) + " and existing finding " + str(find.id) - + " flag_endpoints: " + str(flag_endpoints) + " flag_line_path:" + str(flag_line_path) + " flag_hash:" + str(flag_hash)) - - # --------------------------------------------------------- - # 3) Findings are duplicate if (cond1 is true) and they have the same: - # hash - # and (endpoints or (line and file_path) - # --------------------------------------------------------- - if 
((flag_endpoints or flag_line_path) and flag_hash): - try: - set_duplicate(new_finding, find) - except Exception as e: - deduplicationLogger.debug(str(e)) - continue - - break - - -def deduplicate_unique_id_from_tool(new_finding): - if new_finding.test.engagement.deduplication_on_engagement: - existing_findings = Finding.objects.filter( - test__engagement=new_finding.test.engagement, - # the unique_id_from_tool is unique for a given tool: do not compare with other tools - test__test_type=new_finding.test.test_type, - unique_id_from_tool=new_finding.unique_id_from_tool).exclude( - id=new_finding.id).exclude( - unique_id_from_tool=None).exclude( - duplicate=True).order_by("id") - else: - existing_findings = Finding.objects.filter( - test__engagement__product=new_finding.test.engagement.product, - # the unique_id_from_tool is unique for a given tool: do not compare with other tools - test__test_type=new_finding.test.test_type, - unique_id_from_tool=new_finding.unique_id_from_tool).exclude( - id=new_finding.id).exclude( - unique_id_from_tool=None).exclude( - duplicate=True).order_by("id") - - deduplicationLogger.debug("Found " - + str(len(existing_findings)) + " findings with same unique_id_from_tool") - for find in existing_findings: - if is_deduplication_on_engagement_mismatch(new_finding, find): - deduplicationLogger.debug( - "deduplication_on_engagement_mismatch, skipping dedupe.") - continue - try: - set_duplicate(new_finding, find) - break - except Exception as e: - deduplicationLogger.debug(str(e)) - continue - - -def deduplicate_hash_code(new_finding): - if new_finding.test.engagement.deduplication_on_engagement: - existing_findings = Finding.objects.filter( - test__engagement=new_finding.test.engagement, - hash_code=new_finding.hash_code).exclude( - id=new_finding.id).exclude( - hash_code=None).exclude( - duplicate=True).order_by("id") - else: - existing_findings = Finding.objects.filter( - test__engagement__product=new_finding.test.engagement.product, - 
hash_code=new_finding.hash_code).exclude( - id=new_finding.id).exclude( - hash_code=None).exclude( - duplicate=True).order_by("id") - - deduplicationLogger.debug("Found " - + str(len(existing_findings)) + " findings with same hash_code") - for find in existing_findings: - if is_deduplication_on_engagement_mismatch(new_finding, find): - deduplicationLogger.debug( - "deduplication_on_engagement_mismatch, skipping dedupe.") - continue - try: - if are_endpoints_duplicates(new_finding, find): - set_duplicate(new_finding, find) - break - except Exception as e: - deduplicationLogger.debug(str(e)) - continue - - -def deduplicate_uid_or_hash_code(new_finding): - if new_finding.test.engagement.deduplication_on_engagement: - existing_findings = Finding.objects.filter( - (Q(hash_code__isnull=False) & Q(hash_code=new_finding.hash_code)) - # unique_id_from_tool can only apply to the same test_type because it is parser dependent - | (Q(unique_id_from_tool__isnull=False) & Q(unique_id_from_tool=new_finding.unique_id_from_tool) & Q(test__test_type=new_finding.test.test_type)), - test__engagement=new_finding.test.engagement).exclude( - id=new_finding.id).exclude( - duplicate=True).order_by("id") - else: - # same without "test__engagement=new_finding.test.engagement" condition - existing_findings = Finding.objects.filter( - (Q(hash_code__isnull=False) & Q(hash_code=new_finding.hash_code)) - | (Q(unique_id_from_tool__isnull=False) & Q(unique_id_from_tool=new_finding.unique_id_from_tool) & Q(test__test_type=new_finding.test.test_type)), - test__engagement__product=new_finding.test.engagement.product).exclude( - id=new_finding.id).exclude( - duplicate=True).order_by("id") - deduplicationLogger.debug("Found " - + str(len(existing_findings)) + " findings with either the same unique_id_from_tool or hash_code: " + str([find.id for find in existing_findings])) - for find in existing_findings: - if is_deduplication_on_engagement_mismatch(new_finding, find): - deduplicationLogger.debug( - 
"deduplication_on_engagement_mismatch, skipping dedupe.") - continue - try: - if are_endpoints_duplicates(new_finding, find): - set_duplicate(new_finding, find) - break - except Exception as e: - deduplicationLogger.debug(str(e)) - continue - - -def set_duplicate(new_finding, existing_finding): - deduplicationLogger.debug(f"new_finding.status(): {new_finding.id} {new_finding.status()}") - deduplicationLogger.debug(f"existing_finding.status(): {existing_finding.id} {existing_finding.status()}") - if existing_finding.duplicate: - deduplicationLogger.debug("existing finding: %s:%s:duplicate=%s;duplicate_finding=%s", existing_finding.id, existing_finding.title, existing_finding.duplicate, existing_finding.duplicate_finding.id if existing_finding.duplicate_finding else "None") - msg = "Existing finding is a duplicate" - raise Exception(msg) - if existing_finding.id == new_finding.id: - msg = "Can not add duplicate to itself" - raise Exception(msg) - if is_duplicate_reopen(new_finding, existing_finding): - msg = "Found a regression. 
Ignore this so that a new duplicate chain can be made" - raise Exception(msg) - if new_finding.duplicate and finding_mitigated(existing_finding): - msg = "Skip this finding as we do not want to attach a new duplicate to a mitigated finding" - raise Exception(msg) - - deduplicationLogger.debug("Setting new finding " + str(new_finding.id) + " as a duplicate of existing finding " + str(existing_finding.id)) - new_finding.duplicate = True - new_finding.active = False - new_finding.verified = False - new_finding.duplicate_finding = existing_finding - - # Make sure transitive duplication is flattened - # if A -> B and B is made a duplicate of C here, aferwards: - # A -> C and B -> C should be true - for find in new_finding.original_finding.all().order_by("-id"): - new_finding.original_finding.remove(find) - set_duplicate(find, existing_finding) - existing_finding.found_by.add(new_finding.test.test_type) - logger.debug("saving new finding: %d", new_finding.id) - super(Finding, new_finding).save() - logger.debug("saving existing finding: %d", existing_finding.id) - super(Finding, existing_finding).save() - - -def is_duplicate_reopen(new_finding, existing_finding) -> bool: - return finding_mitigated(existing_finding) and finding_not_human_set_status(existing_finding) and not finding_mitigated(new_finding) - - -def finding_mitigated(finding: Finding) -> bool: - return finding.active is False and (finding.is_mitigated is True or finding.mitigated is not None) - - -def finding_not_human_set_status(finding: Finding) -> bool: - return finding.out_of_scope is False and finding.false_p is False - - -def set_duplicate_reopen(new_finding, existing_finding): - logger.debug("duplicate reopen existing finding") - existing_finding.mitigated = new_finding.mitigated - existing_finding.is_mitigated = new_finding.is_mitigated - existing_finding.active = new_finding.active - existing_finding.verified = new_finding.verified - existing_finding.notes.create(author=existing_finding.reporter, - 
entry="This finding has been automatically re-opened as it was found in recent scans.") - existing_finding.save() - - def count_findings(findings: QuerySet) -> tuple[dict["Product", list[int]], dict[str, int]]: agg = ( findings.values(prod_id=F("test__engagement__product_id")) diff --git a/helm/defectdojo/Chart.lock b/helm/defectdojo/Chart.lock index 53a5c180867..ea0498f4989 100644 --- a/helm/defectdojo/Chart.lock +++ b/helm/defectdojo/Chart.lock @@ -2,8 +2,8 @@ dependencies: - name: postgresql repository: oci://us-docker.pkg.dev/os-public-container-registry/defectdojo version: 16.7.27 -- name: redis - repository: oci://us-docker.pkg.dev/os-public-container-registry/defectdojo - version: 19.6.4 -digest: sha256:b22ad615baaa104a188c735f74ddddaec83b698315bb82f722679f762be64b50 -generated: "2025-08-27T11:22:22.13669-05:00" +- name: valkey + repository: oci://registry-1.docker.io/cloudpirates + version: 0.10.2 +digest: sha256:65773fc2a992a5688995a98ed396ca54de12b88fd7b124459a39961801ae62f3 +generated: "2025-11-25T20:48:39.324383+01:00" diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index 182d0bfd1e7..73fb143f401 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "2.52.3" +appVersion: "2.53.0" description: A Helm chart for Kubernetes to install DefectDojo name: defectdojo -version: 1.8.3 +version: 1.9.0 icon: https://defectdojo.com/hubfs/DefectDojo_favicon.png maintainers: - name: madchap 
@@ -13,10 +13,10 @@ dependencies: version: ~16.7.0 repository: "oci://us-docker.pkg.dev/os-public-container-registry/defectdojo" condition: postgresql.enabled - - name: redis - version: ~19.6.4 - repository: "oci://us-docker.pkg.dev/os-public-container-registry/defectdojo" - condition: redis.enabled + - name: valkey + version: ~0.10.0 + repository: "oci://registry-1.docker.io/cloudpirates" + condition: valkey.enabled # For correct syntax, check https://artifacthub.io/docs/topics/annotations/helm/ # This is example for "artifacthub.io/changes" # artifacthub.io/changes: | @@ -34,4 +34,16 @@ dependencies: # description: Critical bug annotations: artifacthub.io/prerelease: "false" - artifacthub.io/changes: "- kind: changed\n description: Bump DefectDojo to 2.52.3\n" + artifacthub.io/changes: | + - kind: added + description: Added HPA and PDB for celery worker and Django + - kind: fixed + description: extraAnnotations spec doesn't affect initializer job + - kind: changed + description: chore(deps)_ update gcr.io/cloudsql_docker/gce_proxy docker tag from 1.37.9 to v1.37.10 (helm/defectdojo/values.yaml) + - kind: changed + description: chore(deps)_ update nginx/nginx_prometheus_exporter docker tag from 1.4.2 to v1.5.1 (helm/defectdojo/values.yaml) + - kind: changed + description: Replace Redis with Valkey + - kind: changed + description: Bump DefectDojo to 2.53.0 diff --git a/helm/defectdojo/README.md b/helm/defectdojo/README.md index 02c9da17348..a0acfbdb0ec 100644 --- a/helm/defectdojo/README.md +++ b/helm/defectdojo/README.md @@ -94,7 +94,7 @@ helm install \ --set django.ingress.enabled=${DJANGO_INGRESS_ENABLED} \ --set django.ingress.activateTLS=${DJANGO_INGRESS_ACTIVATE_TLS} \ --set createSecret=true \ - --set createRedisSecret=true \ + --set createValkeySecret=true \ --set createPostgresqlSecret=true ``` 
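Review bot: In the Chart.yaml `@@ -13,10 +13,10 @@` hunk, the new `valkey` dependency comes from `oci://registry-1.docker.io/cloudpirates`, whereas `postgresql` still resolves from `oci://us-docker.pkg.dev/os-public-container-registry/defectdojo`, so the chart now depends on a second publisher and registry. The `~0.10.0` range also accepts any later 0.10.x release whenever the lock file is regenerated; Chart.lock resolves it to 0.10.2 today. For a pre-1.0 chart that ships the broker holding task payloads, I would pin it exactly, `version: 0.10.2`, and let Renovate propose bumps. If the postgresql chart is mirrored into the project registry on purpose, the same mirroring for valkey would keep one trust root; that intent is not visible in this diff.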
@@ -280,10 +280,10 @@ helm install \ --set host="defectdojo.${TLS_CERT_DOMAIN}" \ --set django.ingress.secretName="minikube-tls" \ --set createSecret=true \ - --set createRedisSecret=true \ + --set createValkeySecret=true \ --set createPostgresqlSecret=true -# For high availability deploy multiple instances of Django, Celery and Redis +# For high availability deploy multiple instances of Django, Celery and Valkey helm install \ defectdojo \ ./helm/defectdojo \ @@ -292,9 +292,10 @@ helm install \ --set django.ingress.secretName="minikube-tls" \ --set django.replicas=3 \ --set celery.worker.replicas=3 \ - --set redis.replicas=3 \ + --set valkey.architecture=replication \ + --set valkey.replicaCount=3 \ --set createSecret=true \ - --set createRedisSecret=true \ + --set createValkeySecret=true \ --set createPostgresqlSecret=true # Run highly available PostgreSQL cluster @@ -306,13 +307,14 @@ helm install \ --set host="defectdojo.${TLS_CERT_DOMAIN}" \ --set django.replicas=3 \ --set celery.worker.replicas=3 \ - --set redis.replicas=3 \ + --set valkey.architecture=replication \ + --set valkey.replicaCount=3 \ --set django.ingress.secretName="minikube-tls" \ --set postgresql.enabled=true \ --set postgresql.replication.enabled=true \ --set postgresql.replication.slaveReplicas=3 \ --set createSecret=true \ - --set createRedisSecret=true \ + --set createValkeySecret=true \ --set createPostgresqlSecret=true # Note: If you run `helm install defectdojo before, you will get an error 
@@ -359,16 +361,13 @@ You will still need to set a host value as well. If you want to use a redis-sentinel setup as the Celery broker, you will need to set the following. -1. Set redis.scheme to "sentinel" in values.yaml +1. Set valkey.scheme to "sentinel" in values.yaml 2. Set two additional extraEnv vars specifying the sentinel master name and port in values.yaml ```yaml -celery: - broker: 'redis' - -redis: - redisServer: 'PutYourRedisSentinelAddress' +valkey: scheme: 'sentinel' +redisServer: 'PutYourRedisSentinelAddress' extraEnv: - name: DD_CELERY_BROKER_TRANSPORT_OPTIONS @@ -451,10 +450,10 @@ extraEnv: #### Step 4: Deploy DefectDojo -After modifying the `values.yaml` file as needed, deploy DefectDojo using Helm. This command also generates the required secrets for the DefectDojo admin UI and Redis: +After modifying the `values.yaml` file as needed, deploy DefectDojo using Helm. This command also generates the required secrets for the DefectDojo admin UI and Valkey: ```bash -helm install defectdojo defectdojo -f values.yaml -n defectdojo --set createSecret=true --set createRedisSecret=true +helm install defectdojo defectdojo -f values.yaml -n defectdojo --set createSecret=true --set createValkeySecret=true ``` **NOTE**: It is important to highlight that this setup can also be utilized for achieving high availability (HA) in PostgreSQL. By placing a load balancer in front of the PostgreSQL cluster, read and write requests can be efficiently routed to the appropriate primary or standby servers as needed. 
@@ -512,7 +511,7 @@ The HELM schema will be generated for you. # General information about chart values -![Version: 1.8.3](https://img.shields.io/badge/Version-1.8.3-informational?style=flat-square) ![AppVersion: 2.52.3](https://img.shields.io/badge/AppVersion-2.52.3-informational?style=flat-square) +![Version: 1.9.0](https://img.shields.io/badge/Version-1.9.0-informational?style=flat-square) ![AppVersion: 2.53.0](https://img.shields.io/badge/AppVersion-2.53.0-informational?style=flat-square) A Helm chart for Kubernetes to install DefectDojo @@ -526,8 +525,8 @@ A Helm chart for Kubernetes to install DefectDojo | Repository | Name | Version | |------------|------|---------| +| oci://registry-1.docker.io/cloudpirates | valkey | ~0.10.0 | | oci://us-docker.pkg.dev/os-public-container-registry/defectdojo | postgresql | ~16.7.0 | -| oci://us-docker.pkg.dev/os-public-container-registry/defectdojo | redis | ~19.6.4 | ## Values 
@@ -564,12 +563,12 @@ A Helm chart for Kubernetes to install DefectDojo | celery.beat.resources.requests.memory | string | `"128Mi"` | | | celery.beat.startupProbe | object | `{}` | Enable startup probe for Celery beat container. | | celery.beat.tolerations | list | `[]` | | -| celery.broker | string | `"redis"` | | | celery.logLevel | string | `"INFO"` | | | celery.worker.affinity | object | `{}` | | | celery.worker.annotations | object | `{}` | Annotations for the Celery worker deployment. | | celery.worker.appSettings.poolType | string | `"solo"` | Performance improved celery worker config when needing to deal with a lot of findings (e.g deduplication ops) poolType: prefork autoscaleMin: 2 autoscaleMax: 8 concurrency: 8 prefetchMultiplier: 128 | | celery.worker.automountServiceAccountToken | bool | `false` | | +| celery.worker.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":2,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":80}` | Autoscaling configuration for Celery worker deployment. | | celery.worker.containerSecurityContext | object | `{}` | Container security context for the Celery worker containers. | | celery.worker.extraEnv | list | `[]` | Additional environment variables injected to Celery worker containers. | | celery.worker.extraInitContainers | list | `[]` | A list of additional initContainers to run before celery worker containers. | 
@@ -578,7 +577,8 @@ A Helm chart for Kubernetes to install DefectDojo | celery.worker.image | object | `{"digest":"","registry":"","repository":"","tag":""}` | If empty, uses values from images.django.image | | celery.worker.livenessProbe | object | `{}` | Enable liveness probe for Celery worker containers. ``` exec: command: - bash - -c - celery -A dojo inspect ping -t 5 initialDelaySeconds: 30 periodSeconds: 60 timeoutSeconds: 10 ``` | | celery.worker.nodeSelector | object | `{}` | | -| celery.worker.podAnnotations | object | `{}` | Annotations for the Celery beat pods. | +| celery.worker.podAnnotations | object | `{}` | Annotations for the Celery worker pods. | +| celery.worker.podDisruptionBudget | object | `{"enabled":false,"minAvailable":"50%","unhealthyPodEvictionPolicy":"AlwaysAllow"}` | Configure pod disruption budgets for Celery worker ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget | | celery.worker.podSecurityContext | object | `{}` | Pod security context for the Celery worker pods. | | celery.worker.readinessProbe | object | `{}` | Enable readiness probe for Celery worker container. | | celery.worker.replicas | int | `1` | | 
@@ -587,21 +587,22 @@ A Helm chart for Kubernetes to install DefectDojo | celery.worker.resources.requests.cpu | string | `"100m"` | | | celery.worker.resources.requests.memory | string | `"128Mi"` | | | celery.worker.startupProbe | object | `{}` | Enable startup probe for Celery worker container. | +| celery.worker.terminationGracePeriodSeconds | int | `300` | | | celery.worker.tolerations | list | `[]` | | -| cloudsql | object | `{"containerSecurityContext":{},"enable_iam_login":false,"enabled":false,"extraEnv":[],"extraVolumeMounts":[],"image":{"pullPolicy":"IfNotPresent","repository":"gcr.io/cloudsql-docker/gce-proxy","tag":"1.37.9"},"instance":"","resources":{},"use_private_ip":false,"verbose":true}` | Google CloudSQL support in GKE via gce-proxy | +| cloudsql | object | `{"containerSecurityContext":{},"enable_iam_login":false,"enabled":false,"extraEnv":[],"extraVolumeMounts":[],"image":{"pullPolicy":"IfNotPresent","repository":"gcr.io/cloudsql-docker/gce-proxy","tag":"1.37.10"},"instance":"","resources":{},"use_private_ip":false,"verbose":true}` | Google CloudSQL support in GKE via gce-proxy | | cloudsql.containerSecurityContext | object | `{}` | Optional: security context for the CloudSQL proxy container. | | cloudsql.enable_iam_login | bool | `false` | use IAM database authentication | | cloudsql.enabled | bool | `false` | To use CloudSQL in GKE set 'enable: true' | | cloudsql.extraEnv | list | `[]` | Additional environment variables for the CloudSQL proxy container. 
| | cloudsql.extraVolumeMounts | list | `[]` | Array of additional volume mount points for the CloudSQL proxy container | -| cloudsql.image | object | `{"pullPolicy":"IfNotPresent","repository":"gcr.io/cloudsql-docker/gce-proxy","tag":"1.37.9"}` | set repo and image tag of gce-proxy | +| cloudsql.image | object | `{"pullPolicy":"IfNotPresent","repository":"gcr.io/cloudsql-docker/gce-proxy","tag":"1.37.10"}` | set repo and image tag of gce-proxy | | cloudsql.instance | string | `""` | set CloudSQL instance: 'project:zone:instancename' | | cloudsql.resources | object | `{}` | Optional: add resource requests/limits for the CloudSQL proxy container. | | cloudsql.use_private_ip | bool | `false` | whether to use a private IP to connect to the database | | cloudsql.verbose | bool | `true` | By default, the proxy has verbose logging. Set this to false to make it less verbose | | createPostgresqlSecret | bool | `false` | create postgresql secret in defectdojo chart, outside of postgresql chart | -| createRedisSecret | bool | `false` | create redis secret in defectdojo chart, outside of redis chart | | createSecret | bool | `false` | create defectdojo specific secret | +| createValkeySecret | bool | `false` | create valkey secret in defectdojo chart, outside of valkey chart | | dbMigrationChecker.containerSecurityContext | object | `{}` | Container security context for the DB migration checker. | | dbMigrationChecker.enabled | bool | `true` | Enable/disable the DB migration checker. | | dbMigrationChecker.extraEnv | list | `[]` | Additional environment variables for DB migration checker. | 
@@ -612,6 +613,7 @@ A Helm chart for Kubernetes to install DefectDojo | django.affinity | object | `{}` | | | django.annotations | object | `{}` | | | django.automountServiceAccountToken | bool | `false` | | +| django.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":2,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":80}` | Autoscaling configuration for the Django deployment. | | django.extraEnv | list | `[]` | Additional environment variables injected to all Django containers and initContainers. | | django.extraInitContainers | list | `[]` | A list of additional initContainers to run before the uwsgi and nginx containers. | | django.extraVolumeMounts | list | `[]` | Array of additional volume mount points common to all containers and initContainers. | @@ -639,11 +641,13 @@ A Helm chart for Kubernetes to install DefectDojo | django.nginx.tls.enabled | bool | `false` | | | django.nginx.tls.generateCertificate | bool | `false` | | | django.nodeSelector | object | `{}` | | +| django.podDisruptionBudget | object | `{"enabled":false,"minAvailable":"50%","unhealthyPodEvictionPolicy":"AlwaysAllow"}` | Configure pod disruption budgets for django ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget | | django.podSecurityContext | object | `{"fsGroup":1001}` | Pod security context for the Django pods. | | django.replicas | int | `1` | | | django.service.annotations | object | `{}` | | | django.service.type | string | `""` | | | django.strategy | object | `{}` | | +| django.terminationGracePeriodSeconds | int | `60` | | | django.tolerations | list | `[]` | | | django.uwsgi.appSettings.maxFd | int | `0` | Use this value to set the maximum number of file descriptors. If set to 0 will be detected by uwsgi e.g. 102400 | | django.uwsgi.appSettings.processes | int | `4` | | 
@@ -700,7 +704,6 @@ A Helm chart for Kubernetes to install DefectDojo | images.nginx.image.repository | string | `"defectdojo/defectdojo-nginx"` | | | images.nginx.image.tag | string | `""` | If empty, use appVersion. Another possible values are: latest, X.X.X, X.X.X-alpine (where X.X.X is version of DD). For dev builds (only for testing purposes): nightly-dev, nightly-dev-alpine. To see all, check https://hub.docker.com/r/defectdojo/defectdojo-nginx/tags. | | initializer.affinity | object | `{}` | | -| initializer.annotations | object | `{}` | | | initializer.automountServiceAccountToken | bool | `false` | | | initializer.containerSecurityContext | object | `{}` | Container security context for the initializer Job container | | initializer.extraEnv | list | `[]` | Additional environment variables injected to the initializer job pods. | @@ -711,6 +714,7 @@ A Helm chart for Kubernetes to install DefectDojo | initializer.keepSeconds | int | `60` | A positive integer will keep this Job and Pod deployed for the specified number of seconds, after which they will be removed. For all other values, the Job and Pod will remain deployed. | | initializer.labels | object | `{}` | | | initializer.nodeSelector | object | `{}` | | +| initializer.podAnnotations | object | `{}` | | | initializer.podSecurityContext | object | `{}` | Pod security context for the initializer Job | | initializer.resources.limits.cpu | string | `"2000m"` | | | initializer.resources.limits.memory | string | `"512Mi"` | | 
@@ -728,7 +732,7 @@ A Helm chart for Kubernetes to install DefectDojo | monitoring.prometheus.image.digest | string | `""` | | | monitoring.prometheus.image.registry | string | `""` | | | monitoring.prometheus.image.repository | string | `"nginx/nginx-prometheus-exporter"` | | -| monitoring.prometheus.image.tag | string | `"1.4.2"` | | +| monitoring.prometheus.image.tag | string | `"1.5.1"` | | | monitoring.prometheus.imagePullPolicy | string | `"IfNotPresent"` | | | monitoring.prometheus.resources | object | `{}` | Optional: add resource requests/limits for the nginx prometheus exporter container | | networkPolicy | object | `{"annotations":{},"egress":[],"enabled":false,"ingress":[],"ingressExtend":[]}` | Enables application network policy For more info follow https://kubernetes.io/docs/concepts/services-networking/network-policies/ | 
@@ -744,10 +748,9 @@ A Helm chart for Kubernetes to install DefectDojo | postgresql.primary.podSecurityContext.enabled | bool | `true` | Default is true for K8s. Enabled needs to false for OpenShift restricted SCC and true for anyuid SCC | | postgresql.primary.podSecurityContext.fsGroup | int | `1001` | fsGroup specification below is not applied if enabled=false. enabled=false is the required setting for OpenShift "restricted SCC" to work successfully. | | postgresql.volumePermissions.containerSecurityContext | object | `{"runAsUser":1001}` | if using restricted SCC set runAsUser: "auto" and if running under anyuid SCC - runAsUser needs to match the line above | -| redis | object | `{"architecture":"standalone","auth":{"existingSecret":"defectdojo-redis-specific","existingSecretPasswordKey":"redis-password","password":""},"enabled":true,"sentinel":{"enabled":false},"tls":{"enabled":false}}` | For more advance options check the bitnami chart documentation: https://github.com/bitnami/charts/tree/main/bitnami/redis | -| redis.enabled | bool | `true` | To use an external instance, switch enabled to `false`` and set the address in `redisServer` below | -| redis.tls.enabled | bool | `false` | If TLS is enabled, the Redis broker will use the redis:// and optionally mount the certificates from an existing secret. 
| -| redisParams | string | `""` | Parameters attached to the redis connection string, defaults to "ssl_cert_reqs=optional" if `redis.tls.enabled` | +| redisParams | string | `""` | Parameters attached to the redis connection string, defaults to "ssl_cert_reqs=optional" if `redisScheme` is `rediss` | +| redisPort | int | `6379` | Define the protocol to use with the external Redis instance | +| redisScheme | string | `"redis"` | Define the protocol to use with the external Redis instance | | redisServer | string | `nil` | To use an external Redis instance, set `redis.enabled` to false and set the address here: | | revisionHistoryLimit | int | `10` | Allow overriding of revisionHistoryLimit across all deployments. | | secrets.annotations | object | `{}` | Add annotations for secret resources | 
@@ -764,6 +767,11 @@ A Helm chart for Kubernetes to install DefectDojo | tests.unitTests.resources.requests.cpu | string | `"100m"` | | | tests.unitTests.resources.requests.memory | string | `"128Mi"` | | | trackConfig | string | `"disabled"` | Track configuration (trackConfig): will automatically respin application pods in case of config changes detection can be: 1. disabled (default) 2. enabled, enables tracking configuration changes based on SHA256 | +| valkey | object | `{"auth":{"existingSecret":"defectdojo-valkey-specific","existingSecretPasswordKey":"valkey-password","password":""},"enabled":true,"sentinel":{"enabled":false},"service":{"port":6379},"tls":{"enabled":false}}` | For more advance options check the bitnami chart documentation: https://artifacthub.io/packages/helm/cloudpirates-valkey/valkey | +| valkey.enabled | bool | `true` | To use an external instance, switch enabled to `false` and set the address in `redisServer` below | +| valkey.service | object | `{"port":6379}` | To use a different port for Redis (default: 6379) | +| valkey.tls.enabled | bool | `false` | If TLS is enabled, the Redis broker will use the redis:// and optionally mount the certificates from an existing secret. | +| valkeyParams | string | `""` | Parameters attached to the valkey connection string, defaults to "ssl_cert_reqs=optional" if `valkey.tls.enabled` | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/defectdojo/README.md.gotmpl b/helm/defectdojo/README.md.gotmpl index 2edff657296..b596d0dff6c 100644 --- a/helm/defectdojo/README.md.gotmpl +++ b/helm/defectdojo/README.md.gotmpl 
@@ -94,7 +94,7 @@ helm install \ --set django.ingress.enabled=${DJANGO_INGRESS_ENABLED} \ --set django.ingress.activateTLS=${DJANGO_INGRESS_ACTIVATE_TLS} \ --set createSecret=true \ - --set createRedisSecret=true \ + --set createValkeySecret=true \ --set createPostgresqlSecret=true ``` @@ -280,10 +280,10 @@ helm install \ --set host="defectdojo.${TLS_CERT_DOMAIN}" \ --set django.ingress.secretName="minikube-tls" \ --set createSecret=true \ - --set createRedisSecret=true \ + --set createValkeySecret=true \ --set createPostgresqlSecret=true -# For high availability deploy multiple instances of Django, Celery and Redis +# For high availability deploy multiple instances of Django, Celery and Valkey helm install \ defectdojo \ ./helm/defectdojo \ @@ -292,9 +292,10 @@ helm install \ --set django.ingress.secretName="minikube-tls" \ --set django.replicas=3 \ --set celery.worker.replicas=3 \ - --set redis.replicas=3 \ + --set valkey.architecture=replication \ + --set valkey.replicaCount=3 \ --set createSecret=true \ - --set createRedisSecret=true \ + --set createValkeySecret=true \ --set createPostgresqlSecret=true # Run highly available PostgreSQL cluster @@ -306,13 +307,14 @@ helm install \ --set host="defectdojo.${TLS_CERT_DOMAIN}" \ --set django.replicas=3 \ --set celery.worker.replicas=3 \ - --set redis.replicas=3 \ + --set valkey.architecture=replication \ + --set valkey.replicaCount=3 \ --set django.ingress.secretName="minikube-tls" \ --set postgresql.enabled=true \ --set postgresql.replication.enabled=true \ --set postgresql.replication.slaveReplicas=3 \ --set createSecret=true \ - --set createRedisSecret=true \ + --set createValkeySecret=true \ --set createPostgresqlSecret=true # Note: If you run `helm install defectdojo before, you will get an error 
@@ -359,16 +361,13 @@ You will still need to set a host value as well. If you want to use a redis-sentinel setup as the Celery broker, you will need to set the following. -1. Set redis.scheme to "sentinel" in values.yaml +1. Set valkey.scheme to "sentinel" in values.yaml 2. Set two additional extraEnv vars specifying the sentinel master name and port in values.yaml ```yaml -celery: - broker: 'redis' - -redis: - redisServer: 'PutYourRedisSentinelAddress' +valkey: scheme: 'sentinel' +redisServer: 'PutYourRedisSentinelAddress' extraEnv: - name: DD_CELERY_BROKER_TRANSPORT_OPTIONS @@ -451,10 +450,10 @@ extraEnv: #### Step 4: Deploy DefectDojo -After modifying the `values.yaml` file as needed, deploy DefectDojo using Helm. This command also generates the required secrets for the DefectDojo admin UI and Redis: +After modifying the `values.yaml` file as needed, deploy DefectDojo using Helm. This command also generates the required secrets for the DefectDojo admin UI and Valkey: ```bash -helm install defectdojo defectdojo -f values.yaml -n defectdojo --set createSecret=true --set createRedisSecret=true +helm install defectdojo defectdojo -f values.yaml -n defectdojo --set createSecret=true --set createValkeySecret=true ``` diff --git a/helm/defectdojo/templates/_helpers.tpl b/helm/defectdojo/templates/_helpers.tpl index b6243d6ac19..aaf7981e34e 100644 --- a/helm/defectdojo/templates/_helpers.tpl +++ b/helm/defectdojo/templates/_helpers.tpl 
@@ -58,27 +58,51 @@ {{- end -}} {{- define "redis.hostname" -}} -{{- if eq .Values.celery.broker "redis" -}} -{{- if .Values.redis.enabled -}} -{{- printf "%s-%s" .Release.Name "redis-master" | trunc 63 | trimSuffix "-" -}} +{{- if .Values.valkey.enabled -}} +{{- printf "%s-%s" .Release.Name "valkey" | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- .Values.redisServer | default "127.0.0.1" | quote -}} {{- end -}} {{- end -}} + +{{- /* + Determine the default params to use for Redis. +*/}} +{{- define "redis.params" -}} +{{- $redisScheme := include "redis.scheme" . -}} +{{- $defaultBrokerParams := ternary "ssl_cert_reqs=optional" "" (eq "rediss" $redisScheme) -}} +{{- if .Values.valkey.enabled -}} +{{- default $defaultBrokerParams .Values.valkeyParams -}} +{{- else -}} +{{- default $defaultBrokerParams .Values.redisParams -}} +{{- end -}} {{- end -}} {{- /* Determine the protocol to use for Redis. */}} {{- define "redis.scheme" -}} -{{- if eq .Values.celery.broker "redis" -}} -{{- if .Values.redis.tls.enabled -}} -{{- printf "rediss" -}} -{{- else if .Values.redis.sentinel.enabled -}} -{{- printf "sentinel" -}} +{{- if .Values.valkey.enabled -}} +{{- if .Values.valkey.tls.enabled -}} +rediss +{{- else if .Values.valkey.sentinel.enabled -}} +sentinel +{{- else -}} +redis +{{- end -}} {{- else -}} -{{- printf "redis" -}} +{{- .Values.redisScheme -}} +{{- end -}} {{- end -}} + +{{- /* + Determine the default port to use for Redis. +*/}} +{{- define "redis.port" -}} +{{- if .Values.valkey.enabled -}} +{{- .Values.valkey.service.port -}} +{{- else -}} +{{- .Values.redisPort -}} {{- end -}} {{- end -}} diff --git a/helm/defectdojo/templates/celery-beat-deployment.yaml b/helm/defectdojo/templates/celery-beat-deployment.yaml index b1832f71e29..be3c5e84ef0 100644 --- a/helm/defectdojo/templates/celery-beat-deployment.yaml +++ b/helm/defectdojo/templates/celery-beat-deployment.yaml 
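Review bot: `redis.scheme` never reads a `valkey.scheme` value, yet the README hunks in this same commit tell users to "Set valkey.scheme to \"sentinel\"". The helper returns `sentinel` only when `.Values.valkey.sentinel.enabled` is true, or, with `valkey.enabled` false, whatever `.Values.redisScheme` holds. A user following the README example therefore still gets `redis` as `DD_CELERY_BROKER_SCHEME`. Either the README should name `redisScheme: 'sentinel'` for the external case, or the helper comment should list its inputs, e.g. `{{- /* Scheme: rediss if valkey.tls.enabled, sentinel if valkey.sentinel.enabled, else redis; redisScheme when valkey.enabled is false */}}`. The external branch also emits `.Values.redisScheme` with no fallback, so `{{- .Values.redisScheme | default "redis" -}}` would avoid an empty scheme if the value is cleared.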
@@ -144,10 +144,8 @@ spec: - name: DD_CELERY_BROKER_PASSWORD valueFrom: secretKeyRef: - {{- if eq .Values.celery.broker "redis" }} - name: {{ .Values.redis.auth.existingSecret | default "defectdojo-redis-specific" }} - key: {{ .Values.redis.auth.existingSecretPasswordKey | default "redis-password" }} - {{- end }} + name: {{ .Values.valkey.auth.existingSecret | default "defectdojo-valkey-specific" }} + key: {{ .Values.valkey.auth.existingSecretPasswordKey | default "valkey-password" }} - name: DD_DATABASE_PASSWORD valueFrom: secretKeyRef: diff --git a/helm/defectdojo/templates/celery-worker-deployment.yaml b/helm/defectdojo/templates/celery-worker-deployment.yaml index 14ddcf79f4b..30620c91155 100644 --- a/helm/defectdojo/templates/celery-worker-deployment.yaml +++ b/helm/defectdojo/templates/celery-worker-deployment.yaml @@ -139,10 +139,8 @@ spec: - name: DD_CELERY_BROKER_PASSWORD valueFrom: secretKeyRef: - {{- if eq .Values.celery.broker "redis" }} - name: {{ .Values.redis.auth.existingSecret| default "defectdojo-redis-specific" }} - key: {{ .Values.redis.auth.existingSecretPasswordKey | default "redis-password" }} - {{- end }} + name: {{ .Values.valkey.auth.existingSecret| default "defectdojo-valkey-specific" }} + key: {{ .Values.valkey.auth.existingSecretPasswordKey | default "valkey-password" }} - name: DD_DATABASE_PASSWORD valueFrom: secretKeyRef: @@ -170,6 +168,10 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.celery.worker.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.celery.worker.tolerations }} tolerations: {{- toYaml . | nindent 8 }} diff --git a/helm/defectdojo/templates/celery-worker-hpa.yaml b/helm/defectdojo/templates/celery-worker-hpa.yaml new file mode 100644 index 00000000000..a47fd64a111 --- /dev/null +++ b/helm/defectdojo/templates/celery-worker-hpa.yaml 
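Review bot: `DD_CELERY_BROKER_PASSWORD` in the celery-beat hunk now always reads `.Values.valkey.auth.existingSecret` and `existingSecretPasswordKey`, even when `valkey.enabled` is false and the broker is the external `redisServer`. The same lines appear in the first celery-worker hunk and in django-deployment.yaml. The defaults also move from `defectdojo-redis-specific` / `redis-password` to `defectdojo-valkey-specific` / `valkey-password`, and this commit deletes secret-redis.yaml. A release upgraded without `createValkeySecret=true` or an override would therefore reference a secret that may not exist, leaving the pods unable to start. I would add an upgrade note and a comment above the ref such as `# also supplies the password for an external Redis when valkey.enabled=false`. The enclosing container spec starts and ends outside the hunk.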
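Review bot: In the second celery-worker hunk, `{{- with .Values.celery.worker.terminationGracePeriodSeconds }}` treats `0` as empty, so an explicit zero grace period is silently dropped. Piping an integer through `toYaml . | nindent 8` also places the scalar on its own line under the key. A plainer form is `{{- if not (kindIs "invalid" .Values.celery.worker.terminationGracePeriodSeconds) }}` followed by `terminationGracePeriodSeconds: {{ .Values.celery.worker.terminationGracePeriodSeconds }}`. The django-deployment.yaml hunk adds the same pattern.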
@@ -0,0 +1,51 @@ +{{- if .Values.celery.worker.autoscaling.enabled -}} +{{- $fullName := include "defectdojo.fullname" . -}} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + {{- with mergeOverwrite dict .Values.extraAnnotations .Values.celery.annotations .Values.celery.worker.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ quote $value }} + {{- end }} + {{- end }} + name: {{ $fullName }}-celery-worker + namespace: {{ .Release.Namespace }} + labels: + defectdojo.org/component: celery + defectdojo.org/subcomponent: worker + app.kubernetes.io/name: {{ include "defectdojo.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "defectdojo.chart" . }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ quote $value }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: "Deployment" + name: {{ $fullName }}-celery-worker + minReplicas: {{ .Values.celery.worker.autoscaling.minReplicas }} + maxReplicas: {{ .Values.celery.worker.autoscaling.maxReplicas }} + metrics: + {{- with .Values.celery.worker.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + averageUtilization: {{ . }} + type: Utilization + {{- end }} + {{- with .Values.celery.worker.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + averageUtilization: {{ . }} + type: Utilization + {{- end }} + {{- with .Values.celery.worker.autoscaling.behavior }} + behavior: {{ toYaml .Values.celery.worker.autoscaling.behavior | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/defectdojo/templates/celery-worker-pdb.yaml b/helm/defectdojo/templates/celery-worker-pdb.yaml new file mode 100644 index 00000000000..d91da9e7224 --- /dev/null +++ b/helm/defectdojo/templates/celery-worker-pdb.yaml 
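Review bot: The `behavior:` line sits inside `{{- with .Values.celery.worker.autoscaling.behavior }}` but still dereferences `.Values.celery.worker.autoscaling.behavior`. Inside `with`, `.` is the behavior map itself, so `.Values` is looked up on that map and the template should fail to render (or emit no usable value) as soon as a non-empty `behavior` is supplied. The default `behavior: {}` skips the block, which is why this does not show up in a default install. Use the rebound context, `behavior: {{ toYaml . | nindent 4 }}`, or `$.Values.celery.worker.autoscaling.behavior`. django-hpa.yaml has the identical line and needs the same change.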
@@ -0,0 +1,31 @@ +{{- if and .Values.celery.worker.podDisruptionBudget.enabled (or (gt (int .Values.celery.worker.replicas) 1) .Values.celery.worker.autoscaling.enabled) }} +{{- $fullName := include "defectdojo.fullname" . -}} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + {{- with mergeOverwrite dict .Values.extraAnnotations .Values.celery.annotations .Values.celery.worker.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ quote $value }} + {{- end }} + {{- end }} + labels: + defectdojo.org/component: celery + defectdojo.org/subcomponent: worker + app.kubernetes.io/name: {{ include "defectdojo.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "defectdojo.chart" . }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ quote $value }} + {{- end }} + name: {{ $fullName }}-celery-worker + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ include "defectdojo.name" . }} + defectdojo.org/component: celery + defectdojo.org/subcomponent: worker +{{ toYaml (omit .Values.celery.worker.podDisruptionBudget "enabled" ) | indent 2 }} +{{- end }} \ No newline at end of file diff --git a/helm/defectdojo/templates/configmap.yaml b/helm/defectdojo/templates/configmap.yaml index d25926c2c3f..8f1d510a1a4 100644 --- a/helm/defectdojo/templates/configmap.yaml +++ b/helm/defectdojo/templates/configmap.yaml @@ -1,5 +1,6 @@ {{- $fullName := include "defectdojo.fullname" . -}} -{{- $defaultBrokerParams := ternary "ssl_cert_reqs=optional" "" .Values.redis.tls.enabled -}} +{{- $redisScheme := include "redis.scheme" . -}} +{{- $defaultBrokerParams := ternary "ssl_cert_reqs=optional" "" (eq "rediss" $redisScheme) -}} apiVersion: v1 kind: ConfigMap metadata: 
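Review bot: The `selector.matchLabels` in celery-worker-pdb.yaml omits `app.kubernetes.io/instance`, although the object's own labels set it to `{{ .Release.Name }}`. With two releases of the chart in one namespace, each PodDisruptionBudget would then count the other release's worker pods towards `minAvailable`. If the worker pod template carries the instance label (not visible in this diff), add `app.kubernetes.io/instance: {{ .Release.Name }}` to `matchLabels`. django-pdb.yaml uses the same selector shape. Both new files also end without a trailing newline.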
@@ -26,11 +27,11 @@ data: DD_ADMIN_LAST_NAME: {{ .Values.admin.LastName | default "User" }} DD_ALLOWED_HOSTS: {{ include "django.allowed_hosts" . }} DD_SITE_URL: {{ .Values.siteUrl | default "http://localhost:8080" }} - DD_CELERY_BROKER_SCHEME: {{ if eq .Values.celery.broker "redis" }}{{ template "redis.scheme" . }}{{ end }} + DD_CELERY_BROKER_SCHEME: {{ template "redis.scheme" . }} DD_CELERY_BROKER_USER: '' - DD_CELERY_BROKER_HOST: {{ if eq .Values.celery.broker "redis" }}{{ template "redis.hostname" . }}{{ end }} - DD_CELERY_BROKER_PORT: '{{ if eq .Values.celery.broker "redis" }}{{- if ( hasKey .Values.redis "master" ) -}}{{ .Values.redis.master.service.ports.redis }}{{ else }}6379{{ end }}{{- end -}}' - DD_CELERY_BROKER_PARAMS: '{{ .Values.redisParams | default $defaultBrokerParams }}' + DD_CELERY_BROKER_HOST: {{ template "redis.hostname" . }} + DD_CELERY_BROKER_PORT: '{{ template "redis.port" . }}' + DD_CELERY_BROKER_PARAMS: '{{ template "redis.params" . }}' DD_CELERY_BROKER_PATH: '{{ .Values.celery.path | default "//" }}' DD_CELERY_LOG_LEVEL: {{ .Values.celery.logLevel }} DD_CELERY_WORKER_POOL_TYPE: {{ .Values.celery.worker.appSettings.poolType | default "solo" }} diff --git a/helm/defectdojo/templates/django-deployment.yaml b/helm/defectdojo/templates/django-deployment.yaml index b4eee529383..0a5e86ff420 100644 --- a/helm/defectdojo/templates/django-deployment.yaml +++ b/helm/defectdojo/templates/django-deployment.yaml 
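Review bot: `DD_CELERY_BROKER_PARAMS` is now rendered from `template "redis.params"`, which appears to leave `$redisScheme` and `$defaultBrokerParams`, added at the top of this file by the first configmap.yaml hunk, with no remaining use in the visible lines. They repeat the `ternary "ssl_cert_reqs=optional" "" (eq "rediss" $redisScheme)` expression already inside the helper, so the TLS default is defined in two places that can drift apart. Unless another part of configmap.yaml outside these hunks reads them, drop both variable lines and keep the helper as the single source. `DD_CELERY_BROKER_SCHEME: {{ template "redis.scheme" . }}` is also unquoted, unlike the port and params lines; quoting it would keep an empty scheme from rendering as a null value.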
@@ -199,10 +199,8 @@ spec: - name: DD_CELERY_BROKER_PASSWORD valueFrom: secretKeyRef: - {{- if eq .Values.celery.broker "redis" }} - name: {{ .Values.redis.auth.existingSecret | default "defectdojo-redis-specific" }} - key: {{ .Values.redis.auth.existingSecretPasswordKey | default "redis-password" }} - {{- end }} + name: {{ .Values.valkey.auth.existingSecret | default "defectdojo-valkey-specific" }} + key: {{ .Values.valkey.auth.existingSecretPasswordKey | default "valkey-password" }} {{- if .Values.django.uwsgi.enableDebug }} - name: DD_DEBUG value: 'True' @@ -372,6 +370,10 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.django.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.django.tolerations }} tolerations: {{- toYaml . | nindent 8 }} diff --git a/helm/defectdojo/templates/django-hpa.yaml b/helm/defectdojo/templates/django-hpa.yaml new file mode 100644 index 00000000000..64999a80031 --- /dev/null +++ b/helm/defectdojo/templates/django-hpa.yaml 
@@ -0,0 +1,50 @@ +{{- if .Values.django.autoscaling.enabled -}} +{{- $fullName := include "defectdojo.fullname" . -}} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + {{- with mergeOverwrite dict .Values.extraAnnotations .Values.django.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ quote $value }} + {{- end }} + {{- end }} + name: {{ $fullName }}-django + namespace: {{ .Release.Namespace }} + labels: + defectdojo.org/component: django + app.kubernetes.io/name: {{ include "defectdojo.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "defectdojo.chart" . }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ quote $value }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: "Deployment" + name: {{ $fullName }}-django + minReplicas: {{ .Values.django.autoscaling.minReplicas }} + maxReplicas: {{ .Values.django.autoscaling.maxReplicas }} + metrics: + {{- with .Values.django.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + averageUtilization: {{ . }} + type: Utilization + {{- end }} + {{- with .Values.django.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + averageUtilization: {{ . }} + type: Utilization + {{- end }} + {{- with .Values.django.autoscaling.behavior }} + behavior: {{ toYaml .Values.django.autoscaling.behavior | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/defectdojo/templates/django-pdb.yaml b/helm/defectdojo/templates/django-pdb.yaml new file mode 100644 index 00000000000..f215ca58760 --- /dev/null +++ b/helm/defectdojo/templates/django-pdb.yaml 
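Review bot: Nothing in this template checks that `minReplicas` does not exceed `maxReplicas`, and when both `targetCPUUtilizationPercentage` and `targetMemoryUtilizationPercentage` are unset the `metrics:` key renders with no entries. A guard at the top, `{{- if gt (int .Values.django.autoscaling.minReplicas) (int .Values.django.autoscaling.maxReplicas) }}{{ fail "django.autoscaling.minReplicas must not exceed maxReplicas" }}{{- end }}`, would surface a bad values file at render time. The `behavior` line sits inside `with .Values.django.autoscaling.behavior` but repeats the full path; `behavior: {{- toYaml . | nindent 4 }}` matches the other `with` blocks. The Deployment is not part of this hunk, so whether it still sets `replicas` while the autoscaler is enabled should be checked there.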
@@ -0,0 +1,29 @@ +{{- if and .Values.django.podDisruptionBudget.enabled (or (gt (int .Values.django.replicas) 1) .Values.django.autoscaling.enabled) }} +{{- $fullName := include "defectdojo.fullname" . -}} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + {{- with mergeOverwrite dict .Values.extraAnnotations .Values.django.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ quote $value }} + {{- end }} + {{- end }} + labels: + defectdojo.org/component: django + app.kubernetes.io/name: {{ include "defectdojo.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "defectdojo.chart" . }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ quote $value }} + {{- end }} + name: {{ $fullName }}-django + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ include "defectdojo.name" . }} + defectdojo.org/component: django +{{ toYaml (omit .Values.django.podDisruptionBudget "enabled" ) | indent 2 }} +{{- end }} \ No newline at end of file diff --git a/helm/defectdojo/templates/initializer-job.yaml b/helm/defectdojo/templates/initializer-job.yaml index 43dcd269d8f..15d56d4f7fc 100644 --- a/helm/defectdojo/templates/initializer-job.yaml +++ b/helm/defectdojo/templates/initializer-job.yaml @@ -36,9 +36,11 @@ spec: {{- with .Values.initializer.labels }} {{- toYaml . | nindent 8 }} {{- end }} + {{- with mergeOverwrite dict .Values.extraAnnotations .Values.initializer.podAnnotations }} annotations: - {{- with .Values.initializer.annotations }} - {{- toYaml . | nindent 8 }} + {{- range $key, $value := . }} + {{ $key }}: {{ quote $value }} + {{- end }} {{- end }} spec: {{- if .Values.securityContext.enabled }} diff --git a/helm/defectdojo/templates/secret-redis.yaml b/helm/defectdojo/templates/secret-redis.yaml deleted file mode 100644 index b2a5a3a84c2..00000000000 
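Review bot: The `selector.matchLabels` of this PodDisruptionBudget omits `app.kubernetes.io/instance`, although the object's own labels carry it. With two releases of the chart in one namespace, each budget would then count the other release's django pods, assuming the pod template labels include the instance the way the metadata here does. I would add `app.kubernetes.io/instance: {{ .Release.Name }}` under `matchLabels`. The `toYaml (omit .Values.django.podDisruptionBudget "enabled") | indent 2` line also copies every other key from values into `spec`, so setting both `minAvailable` and `maxUnavailable` is caught only by the API server.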
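Review bot: In the initializer-job.yaml hunk, a values file that still sets `initializer.annotations` now renders the Job pod without those annotations and without any error, unless the schema rejects unknown keys, which is not visible here. This commit adds `fail` guards for `createRedisSecret` and `redis` in secret-valkey.yaml; the same treatment, `{{- if .Values.initializer.annotations }}{{ fail "initializer.annotations was renamed to initializer.podAnnotations" }}{{- end }}`, would make the rename visible. A silent drop matters most where pod annotations drive sidecar injection or admission policy.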
--- a/helm/defectdojo/templates/secret-redis.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- if .Values.createRedisSecret -}} -apiVersion: v1 -kind: Secret -metadata: - annotations: - {{- if (not .Values.disableHooks) }} - helm.sh/resource-policy: keep - helm.sh/hook: "pre-install" - helm.sh/hook-delete-policy: "before-hook-creation" - {{- end }} - {{- range $key, $value := mergeOverwrite dict .Values.extraAnnotations .Values.secrets.annotations }} - {{ $key }}: {{ quote $value }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "defectdojo.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - helm.sh/chart: {{ include "defectdojo.chart" . }} - {{- range $key, $value := .Values.extraLabels }} - {{ $key }}: {{ quote $value }} - {{- end }} - name: {{ .Values.redis.auth.existingSecret }} - namespace: {{ .Release.Namespace }} -type: Opaque -data: -{{- if .Values.redis.auth.password }} - {{ .Values.redis.auth.existingSecretPasswordKey }}: {{ .Values.redis.auth.password | b64enc | quote }} -{{- else }} - {{ .Values.redis.auth.existingSecretPasswordKey }}: {{ randAlphaNum 10 | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/helm/defectdojo/templates/secret-valkey.yaml b/helm/defectdojo/templates/secret-valkey.yaml new file mode 100644 index 00000000000..bbfffa3ab78 --- /dev/null +++ b/helm/defectdojo/templates/secret-valkey.yaml 
@@ -0,0 +1,43 @@ +{{- if .Values.createValkeySecret -}} +apiVersion: v1 +kind: Secret +metadata: + annotations: + {{- if (not .Values.disableHooks) }} + helm.sh/resource-policy: keep + {{- if or (not (lookup "v1" "Secret" .Release.Namespace "defectdojo-redis-specific")) (lookup "v1" "Secret" .Release.Namespace .Values.valkey.auth.existingSecret) }} + helm.sh/hook: "pre-install" + {{- else }} + helm.sh/hook: "pre-upgrade" + {{- end }} + helm.sh/hook-delete-policy: "before-hook-creation" + {{- end }} + {{- range $key, $value := mergeOverwrite dict .Values.extraAnnotations .Values.secrets.annotations }} + {{ $key }}: {{ quote $value }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "defectdojo.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "defectdojo.chart" . }} + {{- range $key, $value := .Values.extraLabels }} + {{ $key }}: {{ quote $value }} + {{- end }} + name: {{ .Values.valkey.auth.existingSecret }} + namespace: {{ .Release.Namespace }} +type: Opaque +data: +{{- if .Values.valkey.auth.password }} + {{ .Values.valkey.auth.existingSecretPasswordKey }}: {{ .Values.valkey.auth.password | b64enc | quote }} +{{- else }} + {{ .Values.valkey.auth.existingSecretPasswordKey }}: {{ randAlphaNum 10 | b64enc | quote }} +{{- end }} +{{- end }} + +--- +{{- if .Values.createRedisSecret -}} +{{- fail "Error: 'createRedisSecret' value is not supported anymore. Because of license reason, DefectDojo migrated to Valkey. Use 'createValkeySecret' instead. To be sure that you Redis is migrated to Valkey correctly, please follow release notes." }} +{{- end }} +{{- if .Values.redis -}} +{{- fail "Error: Redis is not officialy part of DefectDojo stack anymore. If you have any values in `redis:` section in `values.yaml` file, please migrate them to `valkey:` section. 
If you are using external Redis (or Redis-compatible) instance, related values about your instance needs to be stored in `redisServer` and `redisParams` variables. For more information, please follow release notes." }} +{{- end }} diff --git a/helm/defectdojo/templates/tests/unit-tests.yaml b/helm/defectdojo/templates/tests/unit-tests.yaml index 01fa4cf1041..efa6b2c39c3 100644 --- a/helm/defectdojo/templates/tests/unit-tests.yaml +++ b/helm/defectdojo/templates/tests/unit-tests.yaml @@ -36,10 +36,8 @@ spec: valueFrom: secretKeyRef: # Use broker chart secret - # name: {{ $fullName }}-{{ .Values.celery.broker }} - # Use secret handled outside of the chart - name: defectdojo-{{ .Values.celery.broker }}-specific - key: {{ .Values.celery.broker }}-password + name: defectdojo-valkey-specific + key: valkey-password - name: DD_DATABASE_PASSWORD valueFrom: secretKeyRef: diff --git a/helm/defectdojo/values.schema.json b/helm/defectdojo/values.schema.json index 29331072e96..ddf4a9be67a 100644 --- a/helm/defectdojo/values.schema.json +++ b/helm/defectdojo/values.schema.json @@ -153,9 +153,6 @@ } } }, - "broker": { - "type": "string" - }, "logLevel": { "type": "string" }, @@ -181,6 +178,30 @@ "automountServiceAccountToken": { "type": "boolean" }, + "autoscaling": { + "description": "Autoscaling configuration for Celery worker deployment.", + "type": "object", + "properties": { + "behavior": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + }, + "targetMemoryUtilizationPercentage": { + "type": "integer" + } + } + }, "containerSecurityContext": { "description": "Container security context for the Celery worker containers.", "type": "object" 
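Review bot: The fallback password in secret-valkey.yaml is `randAlphaNum 10`, roughly 59 bits, for the credential that protects the Celery broker. `{{ randAlphaNum 32 | b64enc | quote }}` costs nothing. `name: {{ .Values.valkey.auth.existingSecret }}` has no default, while django-deployment.yaml reads the same value with `| default "defectdojo-valkey-specific"`, so an empty value renders a Secret without a name. The hook choice depends on `lookup`, which returns an empty result under `helm template` and client-side dry runs, so the annotation rendered there always takes the `pre-install` branch.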
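Review bot: The test pod in unit-tests.yaml hard-codes `defectdojo-valkey-specific` and `valkey-password`, whereas django-deployment.yaml in this commit reads `.Values.valkey.auth.existingSecret` and `.Values.valkey.auth.existingSecretPasswordKey` and uses those strings only as defaults. A release that overrides either value gets a test pod that references a secret or key which does not exist. I would reuse the same expressions, e.g. `name: {{ .Values.valkey.auth.existingSecret | default "defectdojo-valkey-specific" }}`. The comment `# Use broker chart secret` that stays above no longer describes the line under it.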
@@ -227,9 +248,24 @@ "type": "object" }, "podAnnotations": { - "description": "Annotations for the Celery beat pods.", + "description": "Annotations for the Celery worker pods.", "type": "object" }, + "podDisruptionBudget": { + "description": "Configure pod disruption budgets for Celery worker ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget", + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "minAvailable": { + "type": "string" + }, + "unhealthyPodEvictionPolicy": { + "type": "string" + } + } + }, "podSecurityContext": { "description": "Pod security context for the Celery worker pods.", "type": "object" @@ -272,6 +308,10 @@ "description": "Enable startup probe for Celery worker container.", "type": "object" }, + "terminationGracePeriodSeconds": { + "description": "Termination grace period seconds for Celery worker pods.", + "type": "integer" + }, "tolerations": { "type": "array" } @@ -340,14 +380,14 @@ "description": "create postgresql secret in defectdojo chart, outside of postgresql chart", "type": "boolean" }, - "createRedisSecret": { - "description": "create redis secret in defectdojo chart, outside of redis chart", - "type": "boolean" - }, "createSecret": { "description": "create defectdojo specific secret", "type": "boolean" }, + "createValkeySecret": { + "description": "create valkey secret in defectdojo chart, outside of valkey chart", + "type": "boolean" + }, "dbMigrationChecker": { "type": "object", "properties": { 
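Review bot: `podDisruptionBudget.minAvailable` is typed `"string"` only, but Kubernetes accepts an integer or a percentage string for this field, so `minAvailable: 1` in a values file fails schema validation. `"type": ["integer", "string"]` covers both forms. The object also does not describe `maxUnavailable`, although django-pdb.yaml in this commit passes every key except `enabled` through to the spec. The django `podDisruptionBudget` block added in the `@@ -596,6 +660,21 @@` hunk has the same typing.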
@@ -431,6 +471,30 @@ "automountServiceAccountToken": { "type": "boolean" }, + "autoscaling": { + "description": "Autoscaling configuration for the Django deployment.", + "type": "object", + "properties": { + "behavior": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + }, + "targetMemoryUtilizationPercentage": { + "type": "integer" + } + } + }, "extraEnv": { "description": "Additional environment variables injected to all Django containers and initContainers.", "type": "array" @@ -596,6 +660,21 @@ "nodeSelector": { "type": "object" }, + "podDisruptionBudget": { + "description": "Configure pod disruption budgets for django ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget", + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "minAvailable": { + "type": "string" + }, + "unhealthyPodEvictionPolicy": { + "type": "string" + } + } + }, "podSecurityContext": { "description": "Pod security context for the Django pods.", "type": "object", @@ -622,6 +701,10 @@ "strategy": { "type": "object" }, + "terminationGracePeriodSeconds": { + "description": "Termination grace period seconds for django pods.", + "type": "integer" + }, "tolerations": { "type": "array" }, @@ -914,9 +997,6 @@ "affinity": { "type": "object" }, - "annotations": { - "type": "object" - }, "automountServiceAccountToken": { "type": "boolean" }, @@ -967,6 +1047,9 @@ "nodeSelector": { "type": "object" }, + "podAnnotations": { + "type": "object" + }, "podSecurityContext": { "description": "Pod security context for the initializer Job", "type": "object" 
@@ -1237,52 +1320,16 @@ } } }, - "redis": { - "description": "For more advance options check the bitnami chart documentation: https://github.com/bitnami/charts/tree/main/bitnami/redis", - "type": "object", - "properties": { - "architecture": { - "type": "string" - }, - "auth": { - "type": "object", - "properties": { - "existingSecret": { - "type": "string" - }, - "existingSecretPasswordKey": { - "type": "string" - }, - "password": { - "type": "string" - } - } - }, - "enabled": { - "description": "To use an external instance, switch enabled to `false`` and set the address in `redisServer` below", - "type": "boolean" - }, - "sentinel": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "tls": { - "type": "object", - "properties": { - "enabled": { - "description": "If TLS is enabled, the Redis broker will use the redis:// and optionally mount the certificates from an existing secret.", - "type": "boolean" - } - } - } - } - }, "redisParams": { - "description": "Parameters attached to the redis connection string, defaults to \"ssl_cert_reqs=optional\" if `redis.tls.enabled`", + "description": "Parameters attached to the redis connection string, defaults to \"ssl_cert_reqs=optional\" if `redisScheme` is `rediss`", + "type": "string" + }, + "redisPort": { + "description": "Define the protocol to use with the external Redis instance", + "type": "integer" + }, + "redisScheme": { + "description": "Define the protocol to use with the external Redis instance", "type": "string" }, "redisServer": { 
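Review bot: The description of `redisPort` is a copy of the one on `redisScheme`, "Define the protocol to use with the external Redis instance". It should read something like `"Port of the external Redis instance"`; the same copied comment sits above `redisPort: 6379` in values.yaml. Neither property constrains its value. If `redis` and `rediss` are the only supported schemes, `"enum": ["redis", "rediss"]` on `redisScheme` and `"minimum": 1, "maximum": 65535` on `redisPort` would reject typos before they reach the connection string.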
@@ -1416,6 +1463,60 @@ "trackConfig": { "description": "Track configuration (trackConfig): will automatically respin application pods in case of config changes detection can be: 1. disabled (default) 2. enabled, enables tracking configuration changes based on SHA256", "type": "string" + }, + "valkey": { + "description": "For more advance options check the bitnami chart documentation: https://artifacthub.io/packages/helm/cloudpirates-valkey/valkey", + "type": "object", + "properties": { + "auth": { + "type": "object", + "properties": { + "existingSecret": { + "type": "string" + }, + "existingSecretPasswordKey": { + "type": "string" + }, + "password": { + "type": "string" + } + } + }, + "enabled": { + "description": "To use an external instance, switch enabled to `false` and set the address in `redisServer` below", + "type": "boolean" + }, + "sentinel": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "service": { + "description": "To use a different port for Redis (default: 6379)", + "type": "object", + "properties": { + "port": { + "type": "integer" + } + } + }, + "tls": { + "type": "object", + "properties": { + "enabled": { + "description": "If TLS is enabled, the Redis broker will use the redis:// and optionally mount the certificates from an existing secret.", + "type": "boolean" + } + } + } + } + }, + "valkeyParams": { + "description": "Parameters attached to the valkey connection string, defaults to \"ssl_cert_reqs=optional\" if `valkey.tls.enabled`", + "type": "string" } } } diff --git a/helm/defectdojo/values.yaml b/helm/defectdojo/values.yaml index cf04f33bf11..baf9aeeb618 100644 --- a/helm/defectdojo/values.yaml +++ b/helm/defectdojo/values.yaml 
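Review bot: The `valkey.tls.enabled` description says the broker "will use the redis://" scheme when TLS is enabled, which reads as the plaintext scheme, while the `redisParams` description in this file names `rediss` as the TLS one. If the helper does switch schemes, the text should be `"If TLS is enabled, the broker uses the rediss:// scheme and optionally mounts the certificates from an existing secret."`. The top-level `valkey` description still says "bitnami chart documentation" while linking to the cloudpirates chart, and the same wording is in the comment above `valkey:` in values.yaml.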
@@ -9,8 +9,8 @@ securityContext: # -- create defectdojo specific secret createSecret: false -# -- create redis secret in defectdojo chart, outside of redis chart -createRedisSecret: false +# -- create valkey secret in defectdojo chart, outside of valkey chart +createValkeySecret: false # -- create postgresql secret in defectdojo chart, outside of postgresql chart createPostgresqlSecret: false # -- Track configuration (trackConfig): will automatically respin application pods in case of config changes detection @@ -192,7 +192,7 @@ monitoring: image: registry: "" repository: nginx/nginx-prometheus-exporter - tag: "1.4.2" + tag: "1.5.1" digest: "" imagePullPolicy: IfNotPresent # -- Optional: container security context for nginx prometheus exporter @@ -210,7 +210,6 @@ secrets: # Components celery: - broker: redis logLevel: INFO # -- Common annotations to worker and beat deployments and pods. annotations: {} @@ -275,6 +274,14 @@ celery: repository: "" tag: "" digest: "" + # -- Autoscaling configuration for Celery worker deployment. + autoscaling: + enabled: false + minReplicas: 2 + maxReplicas: 5 + targetCPUUtilizationPercentage: 80 + targetMemoryUtilizationPercentage: 80 + behavior: {} automountServiceAccountToken: false # -- Annotations for the Celery worker deployment. annotations: {} @@ -303,8 +310,13 @@ celery: # ``` livenessProbe: {} nodeSelector: {} - # -- Annotations for the Celery beat pods. + # -- Annotations for the Celery worker pods. podAnnotations: {} + # -- Configure pod disruption budgets for Celery worker ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget + podDisruptionBudget: + enabled: false + minAvailable: 50% + unhealthyPodEvictionPolicy: AlwaysAllow # -- Pod security context for the Celery worker pods. podSecurityContext: {} # -- Enable readiness probe for Celery worker container. 
@@ -319,6 +331,8 @@ celery: memory: 512Mi # -- Enable startup probe for Celery worker container. startupProbe: {} + # -- Termination grace period seconds for Celery worker pods. + terminationGracePeriodSeconds: 300 tolerations: [] appSettings: # -- Performance improved celery worker config when needing to deal with a lot of findings (e.g deduplication ops) @@ -330,6 +344,14 @@ celery: poolType: solo django: + # -- Autoscaling configuration for the Django deployment. + autoscaling: + enabled: false + minReplicas: 2 + maxReplicas: 5 + targetCPUUtilizationPercentage: 80 + targetMemoryUtilizationPercentage: 80 + behavior: {} automountServiceAccountToken: false annotations: {} service: @@ -382,8 +404,15 @@ django: cpu: 2000m memory: 256Mi nodeSelector: {} + # -- Configure pod disruption budgets for django ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget + podDisruptionBudget: + enabled: false + minAvailable: 50% + unhealthyPodEvictionPolicy: AlwaysAllow replicas: 1 strategy: {} + # -- Termination grace period seconds for django pods. + terminationGracePeriodSeconds: 60 tolerations: [] uwsgi: # -- If empty, uses values from images.django.image @@ -486,7 +515,7 @@ initializer: run: true automountServiceAccountToken: false jobAnnotations: {} - annotations: {} + podAnnotations: {} labels: {} # -- A positive integer will keep this Job and Pod deployed for the specified number of seconds, after which they will be removed. For all other values, the Job and Pod will remain deployed. keepSeconds: 60 @@ -573,7 +602,7 @@ cloudsql: # -- set repo and image tag of gce-proxy image: repository: gcr.io/cloudsql-docker/gce-proxy - tag: 1.37.9 + tag: 1.37.10 pullPolicy: IfNotPresent # -- set CloudSQL instance: 'project:zone:instancename' instance: "" 
@@ -602,20 +631,17 @@ gke: # Only works with serviceAccount.create = true workloadIdentityEmail: "" -# -- For more advance options check the bitnami chart documentation: https://github.com/bitnami/charts/tree/main/bitnami/redis -redis: - # -- To use an external instance, switch enabled to `false`` and set the address in `redisServer` below +# -- For more advance options check the bitnami chart documentation: https://artifacthub.io/packages/helm/cloudpirates-valkey/valkey +valkey: + # -- To use an external instance, switch enabled to `false` and set the address in `redisServer` below enabled: true auth: - existingSecret: defectdojo-redis-specific - existingSecretPasswordKey: redis-password + existingSecret: defectdojo-valkey-specific + existingSecretPasswordKey: valkey-password password: "" - architecture: standalone - # To use a different port for Redis (default: 6379) add a port number and uncomment the lines below: - # master: - # service: - # ports: - # redis: xxxx + # -- To use a different port for Redis (default: 6379) + service: + port: 6379 # Sentinel configuration parameters sentinel: enabled: false 
@@ -670,14 +696,20 @@ extraEnv: [] # ``` localsettingspy: "" +# -- Parameters attached to the valkey connection string, defaults to "ssl_cert_reqs=optional" if `valkey.tls.enabled` +valkeyParams: "" # # External database support. # # @schema type:[string, null] # -- To use an external Redis instance, set `redis.enabled` to false and set the address here: redisServer: ~ -# -- Parameters attached to the redis connection string, defaults to "ssl_cert_reqs=optional" if `redis.tls.enabled` +# -- Parameters attached to the redis connection string, defaults to "ssl_cert_reqs=optional" if `redisScheme` is `rediss` redisParams: "" +# -- Define the protocol to use with the external Redis instance +redisPort: 6379 +# -- Define the protocol to use with the external Redis instance +redisScheme: redis # # @schema type:[string, null] # -- To use an external PostgreSQL instance (like CloudSQL), set `postgresql.enabled` to false, diff --git a/requirements-lint.txt b/requirements-lint.txt index fcefb6c9a0f..c7e2cafe88d 100644 --- a/requirements-lint.txt +++ b/requirements-lint.txt @@ -1 +1 @@ -ruff==0.14.3 +ruff==0.14.6 \ No newline at end of file diff --git a/requirements.txt b/requirements.txt index 346ac771c70..5308a61ddaf 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,5 @@ # requirements.txt for DefectDojo using Python 3.x -asteval==1.0.6 +asteval==1.0.7 bleach==6.3.0 bleach[css] celery==5.5.3 @@ -7,13 +7,13 @@ defusedxml==0.7.1 django_celery_results==2.6.0 django-auditlog==3.2.1 django-pghistory==3.8.3 -django-dbbackup==5.0.0 +django-dbbackup==5.0.1 django-environ==0.12.0 django-filter==25.1 django-imagekit==6.0.0 django-multiselectfield==1.0.1 django-polymorphic==4.1.0 -django-crispy-forms==2.4 +django-crispy-forms==2.5 django_extensions==4.1 django-slack==5.19.0 django-watson==1.6.3 
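Review bot: The comment kept above `redisServer` in the values.yaml hunk still tells users to set `redis.enabled` to false, but secret-valkey.yaml in this commit calls `fail` whenever `.Values.redis` is set, so following that instruction aborts the render. The line should read `# -- To use an external Redis instance, set valkey.enabled to false and set the address here:`. `redisScheme` defaults to `redis`, which means no TLS towards an external instance; a short comment beside it naming `rediss` as the TLS option would make the choice explicit.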
@@ -26,13 +26,13 @@ humanize==4.14.0 jira==3.10.5 PyGithub==2.8.1 lxml==6.0.2 -Markdown==3.9 +Markdown==3.10 openpyxl==3.1.5 Pillow==12.0.0 # required by django-imagekit -psycopg[c]==3.2.12 +psycopg[c]==3.2.13 cryptography==46.0.3 python-dateutil==2.9.0.post0 -redis==7.0.1 +redis==7.1.0 requests==2.32.5 sqlalchemy==2.0.44 # Required by Celery broker transport urllib3==2.5.0 @@ -45,7 +45,7 @@ social-auth-core==4.8.1 gitpython==3.1.45 python-gitlab==7.0.0 cpe==1.3.1 -packageurl-python==0.17.5 +packageurl-python==0.17.6 django-crum==0.7.9 JSON-log-formatter==1.1.1 django-split-settings==1.3.2 @@ -56,15 +56,15 @@ cvss==3.6 django-fieldsignals==0.7.0 hyperlink==21.0.0 djangosaml2==1.11.1 -drf-spectacular==0.28.0 +drf-spectacular==0.29.0 drf-spectacular-sidecar==2025.10.1 django-ratelimit==4.1.0 argon2-cffi==25.1.0 blackduck==1.1.3 pycurl==7.45.7 # Required for Celery Broker AWS (SQS) support -boto3==1.40.63 # Required for Celery Broker AWS (SQS) support +boto3==1.41.5 # Required for Celery Broker AWS (SQS) support netaddr==1.3.0 -vulners==3.1.1 +vulners==3.1.2 fontawesomefree==6.6.0 PyYAML==6.0.3 pyopenssl==25.3.0 diff --git a/unittests/scans/anchore_grype/fix_available.json b/unittests/scans/anchore_grype/fix_available.json new file mode 100644 index 00000000000..42aab80d74b --- /dev/null +++ b/unittests/scans/anchore_grype/fix_available.json 
@@ -0,0 +1,315 @@ +{ + "matches": [ + { + "vulnerability": { + "id": "CVE-2009-3882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2009-3882", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html", + "http://java.sun.com/javase/6/webnotes/6u17.html", + "http://secunia.com/advisories/37386", + "http://security.gentoo.org/glsa/glsa-200911-02.xml", + "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084", + "https://bugzilla.redhat.com/show_bug.cgi?id=530175", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7300", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8841" + ], + "description": "Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to \"information leaks in mutable variables,\" aka Bug Id 6657026.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.4 + }, + "vendorMetadata": {} + } + ], + "fix": { + "versions": [ + "1.2.3" + ], + "state": "fixed" + }, + "advisories": [] + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:oracle:openjdk:17.0.10+7\u0000-J-ms8m:*:*:*:*:*:*:*" + ], + "Package": { + "name": "java", + "version": "17.0.10+7\u0000-J-ms8m" + } + }, + "found": { + "vulnerabilityID": "CVE-2009-3882", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "9263533999d7e833", + "name": "java", + "version": "17.0.10+7\u0000-J-ms8m", + "type": "binary", + "locations": [ + { + "path": 
"/opt/java/openjdk/bin/java", + "layerID": "sha256:089f13e86d6447b9182a23ca4e357b13f067208db1b04ba14cac3edb51c2e6a8" + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:oracle:openjdk:17.0.10+7\u0000-J-ms8m:*:*:*:*:*:*:*" + ], + "purl": "pkg:generic/java@17.0.10%2B7\u0000-J-ms8m", + "upstreams": [] + } + } + ], + "source": { + "type": "image", + "target": { + "userInput": "REDACTED", + "imageID": "sha256:07a3eb7aaaaaaaaa69f29ff9a2945c9bb0a6592654421b8357c", + "manifestDigest": "sha256:4e1c538085614cbc0c9affbb206abbec3220118425409662e46b3d4bb71d1b6d", + "mediaType": "application/vnd.oci.image.manifest.v1+json", + "tags": [], + "imageSize": 514054352, + "layers": [ + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5faf9c0a9efe4675ecd21a4ec417d51077d5e75da9e673161a94e7d6cd43f92c", + "size": 72802466 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:61bb835859af3b3418d9e5115ee0d0421d771af4b576354cb47e4911898411e6", + "size": 45773705 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:089f13e86d6447b9182a23ca4e357b13f067208db1b04ba14cac3edb51c2e6a8", + "size": 140722808 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:8a6992ae127d603d9816b4ac8d1b3b3f6b0bb29b1e64e38c86247805de797dcd", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:31c91cb1196883a0861aa5f1d363e6e343070418704db46e47df1735eb95e473", + "size": 1182 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:2adb74596640882e72d1cfd59684d1d3053a4eaccc8cbd4ff769a6bc103736d9", + "size": 1780912 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:d3bd5e7d3a771e112ed5b0f61be054654d828c5198f6aee29dc57fb47f5ecede", + "size": 60515187 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": 
"sha256:ebe801fcbe62d62d5bee3994743f3d556ecea3c6fcac9e4eb9c4b157cfd5c05d", + "size": 1143874 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:cdf08086dbb4ff8e9de7b5986a4fe720a91b3508932988a9931a44bc595c0451", + "size": 32 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:62cee45bfd8de3003a1745ba5cce836429b96fab015d6c8d347edb5fc2b8f538", + "size": 393832 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:7d93f74f90a566f90f6ce733e1f03e592770f0eb579ebb3339ac43732913dcf5", + "size": 368 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:b626fe3114d1abd6c629c5adeb769fe28112e0268242a1bc66497ec6c6fddfc0", + "size": 1734 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:ecdc721e0f0e4244958fd6ed4aa658f600f66cc49e8e258680bbb8f0781b1eae", + "size": 2102 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:c3f7d9738db6fe33aa41e359b35ccad67c52e9e1fe1d2aa8ae986a52c63abdbc", + "size": 28 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:43054870c5ee79c9c489db42b054d832ed7ad38bb85d7d085ae6d9ed0fa22191", + "size": 31964241 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:629931e16568b7012bc94fa971085301f8239812690ff2422fcbf2a22475eb57", + "size": 158934808 + }, + 
{ + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:9fdd7c20fc0792669cf8e16a770c40d99c0fa3bf74b51500270b762b1420047d", + "size": 17073 + } + ], + "manifest": "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", + "config": "eyJhcmNoaXRlY3R1cmUiOiJhbWQ2NCIsImNvbmZpZyI6eyJVc2VyIjoiY2FtcyIsIkV4cG9zZWRQb3J0cyI6eyI4MDgwL3RjcCI6e319LCJFbnYiOlsiUEFUSD0vb3B0L2phdmEvb3Blbmpkay9iaW46L3Vzci9sb2NhbC9zYmluOi91c3IvbG9jYWwvYmluOi91c3Ivc2JpbjovdXNyL2Jpbjovc2JpbjovYmluIiwiSkFWQV9IT01FPS9vcHQvamF2YS9vcGVuamRrIiwiTEFORz1lbl9VUy5VVEYtOCIsIkxBTkdVQUdFPWVuX1VTOmVuIiwiTENfQUxMPWVuX1VTLlVURi04IiwiSkFWQV9WRVJTSU9OPWpkay0xNy4wLjEwKzciLCJKQVZBX09QVFM9LVhYOk1pblJBTVBlcmNlbnRhZ2U9NTAgLVhYOk1heFJBTVBlcmNlbnRhZ2U9ODAgLVhYOitVc2VDb250YWluZXJTdXBwb3J0IiwiU1BSSU5HX0NPTkZJR19MT0NBVElPTj1maWxlOi9ldGMvY2Ftcy8iLCJTUFJJTkdfUFJPRklMRVNfQUNUSVZFPSIsIkNBTVNfQVBQTElDQVRJT049YXBwbGljYXRpb24uamFyIiwiQ0FNU19BUFBfUE9SVD04MDgwIiwiVkVSU0lPTj0wLjE1MC4wIiwiTkFNRT1qb3VybmFsLXJlcG9ydC1zZXJ2aWNlcy1hcHAiXSwiRW50cnlwb2ludCI6WyIvdXNyL2xvY2FsL2Jpbi9kb2NrZXItZW50cnlwb2ludC5zaCJdLCJXb3JraW5nRGlyIjoiL29wdC9jYW1zIiwiTGFiZWxzIjp7ImFyY2hpdGVjdHVyZSI6IiIsImJ6Y29tcG9uZW50Ijoiam91cm5hbC1yZXBvcnQtc2VydmljZXMtYXBwIiwibWFpbnRhaW5lciI6IlRlY2huZXN0IElUIFx1MDAzY2l0QHRlY2huZXN0LmVzXHUwMDNlIiwibmFtZSI6ImpvdXJuYWwtcmVwb3J0LXNlcnZpY2VzLWFwcCIsIm9yZy5vcGVuY29udGFpbmVycy5pbWFnZS5yZWYubmFtZSI6InVidW50dSIsIm9yZy5vcGVuY29udGFpbmVycy5pbWFnZS52ZXJzaW9uIjoiMjAuMDQiLCJyZWxlYXNlIjoiMC4xNTAuMCIsInZlcnNpb24iOiIwLjE1MC4wIn19LCJjcmVhdGVkIjoiMjAyNC0wNC0xMFQwNjoyMzoxMC42NTIyMDEwNVoiLCJoaXN0b3J5IjpbeyJjcmVhdGVkIjoiMjAyNC0wMi0xNlQyMTozMjo0OS42NjE2NzY5NVoiLCJjcmVhdGVkX2J5IjoiL2Jpbi9zaCAtYyAjKG5vcCkgIEFSRyBSRUxFQVNFIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjQtMDItMTZUMjE6MzI6NDkuNjk0NjczMjkzWiIsImNyZWF0ZWRfYnkiOiIvYmluL3NoIC1jICMobm9wKSAgQVJHIExBVU5DSFBBRF9CVUlMRF9BUkNIIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjQtMDItMTZUMjE6MzI6NDkuNzE5ODk2NTMxWiIsImNyZWF0ZWRfYnkiOiIvYmluL3NoIC1jICMobm9wKSAgTEFCRUwgb3JnLm9wZW5j
b250YWluZXJzLmltYWdlLnJlZi5uYW1lPXVidW50dSIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI0LTAyLTE2VDIxOjMyOjQ5Ljc1ODkxMzc1N1oiLCJjcmVhdGVkX2J5IjoiL2Jpbi9zaCAtYyAjKG5vcCkgIExBQkVMIG9yZy5vcGVuY29udGFpbmVycy5pbWFnZS52ZXJzaW9uPTIwLjA0IiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjQtMDItMTZUMjE6MzI6NTIuMTc2NDA4NDFaIiwiY3JlYXRlZF9ieSI6Ii9iaW4vc2ggLWMgIyhub3ApIEFERCBmaWxlOmEyNTc5OGYzMTIxOTAwMGQ2YTgyZDJjOTI1ODc0MzkyNmIxYTQwMDUzMGQxMmRiYjFlYWRmMmMyNTE5Zjk4ODggaW4gLyAifSx7ImNyZWF0ZWQiOiIyMDI0LTAyLTE2VDIxOjMyOjUyLjM5MTMzMzc1NFoiLCJjcmVhdGVkX2J5IjoiL2Jpbi9zaCAtYyAjKG5vcCkgIENNRCBbXCIvYmluL2Jhc2hcIl0iLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNC0wMy0yN1QxNTo0NDoxMloiLCJjcmVhdGVkX2J5IjoiRU5WIEpBVkFfSE9NRT0vb3B0L2phdmEvb3BlbmpkayIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjQtMDMtMjdUMTU6NDQ6MTJaIiwiY3JlYXRlZF9ieSI6IkVOViBQQVRIPS9vcHQvamF2YS9vcGVuamRrL2JpbjovdXNyL2xvY2FsL3NiaW46L3Vzci9sb2NhbC9iaW46L3Vzci9zYmluOi91c3IvYmluOi9zYmluOi9iaW4iLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI0LTAzLTI3VDE1OjQ0OjEyWiIsImNyZWF0ZWRfYnkiOiJFTlYgTEFORz1lbl9VUy5VVEYtOCBMQU5HVUFHRT1lbl9VUzplbiBMQ19BTEw9ZW5fVVMuVVRGLTgiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI0LTAzLTI3VDE1OjQ0OjEyWiIsImNyZWF0ZWRfYnkiOiJSVU4gL2Jpbi9zaCAtYyBzZXQgLWV1eDsgICAgIGFwdC1nZXQgdXBkYXRlOyAgICAgREVCSUFOX0ZST05URU5EPW5vbmludGVyYWN0aXZlIGFwdC1nZXQgaW5zdGFsbCAteSAtLW5vLWluc3RhbGwtcmVjb21tZW5kcyAgICAgICAgIGN1cmwgICAgICAgICB3Z2V0ICAgICAgICAgZm9udGNvbmZpZyAgICAgICAgIGNhLWNlcnRpZmljYXRlcyBwMTEta2l0ICAgICAgICAgdHpkYXRhICAgICAgICAgbG9jYWxlcyAgICAgOyAgICAgZWNobyBcImVuX1VTLlVURi04IFVURi04XCIgXHUwMDNlXHUwMDNlIC9ldGMvbG9jYWxlLmdlbjsgICAgIGxvY2FsZS1nZW4gZW5fVVMuVVRGLTg7ICAgICBybSAtcmYgL3Zhci9saWIvYXB0L2xpc3RzLyogIyBidWlsZGtpdCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIn0seyJjcmVhdGVkIjoiMjAyNC0wMy0yN1QxNTo0NDoxMloiLCJjcmVhdGVkX2J5IjoiRU5WIEpBVkFfVkVSU0lPTj1qZGstMTcuMC4xMCs3Iiwi
Y29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNC0wMy0yN1QxNTo0NDoxMloiLCJjcmVhdGVkX2J5IjoiUlVOIC9iaW4vc2ggLWMgc2V0IC1ldXg7ICAgICBBUkNIPVwiJChkcGtnIC0tcHJpbnQtYXJjaGl0ZWN0dXJlKVwiOyAgICAgY2FzZSBcIiR7QVJDSH1cIiBpbiAgICAgICAgYWFyY2g2NHxhcm02NCkgICAgICAgICAgRVNVTT0nMTYwODBkMDU1ZGEwOTYyZmJkNmI0MGY2NTlhOThhNDU3Y2JhM2VmYTdlYTcxNmQ1NDAwY2ZlYmU4YjkzNWJmMCc7ICAgICAgICAgIEJJTkFSWV9VUkw9J2h0dHBzOi8vZ2l0aHViLmNvbS9hZG9wdGl1bS90ZW11cmluMTctYmluYXJpZXMvcmVsZWFzZXMvZG93bmxvYWQvamRrLTE3LjAuMTAlMkI3L09wZW5KREsxN1UtanJlX2FhcmNoNjRfbGludXhfaG90c3BvdF8xNy4wLjEwXzcudGFyLmd6JzsgICAgICAgICAgOzsgICAgICAgIGFtZDY0fGkzODY6eDg2LTY0KSAgICAgICAgICBFU1VNPSc2MjBjYzBlNzMzOGYyNzIyZjNlZDA3NmFjNjVjMGZhZmI1NzU5ODE0MjZiYWM0ZTE5NzA4NjBlNWUyZDA0OGYwJzsgICAgICAgICAgQklOQVJZX1VSTD0naHR0cHM6Ly9naXRodWIuY29tL2Fkb3B0aXVtL3RlbXVyaW4xNy1iaW5hcmllcy9yZWxlYXNlcy9kb3dubG9hZC9qZGstMTcuMC4xMCUyQjcvT3BlbkpESzE3VS1qcmVfeDY0X2xpbnV4X2hvdHNwb3RfMTcuMC4xMF83LnRhci5neic7ICAgICAgICAgIDs7ICAgICAgICBhcm1oZnxhcm0pICAgICAgICAgIEVTVU09JzAzNzhiZGY2NzY5NjMyYjE4MmIyN2JhNGU1M2IxN2VhZWZlZmRiYWZhMzg0NWMxNWUxYmQ4OGE1YWVlYzg0NDInOyAgICAgICAgICBCSU5BUllfVVJMPSdodHRwczovL2dpdGh1Yi5jb20vYWRvcHRpdW0vdGVtdXJpbjE3LWJpbmFyaWVzL3JlbGVhc2VzL2Rvd25sb2FkL2pkay0xNy4wLjEwJTJCNy9PcGVuSkRLMTdVLWpyZV9hcm1fbGludXhfaG90c3BvdF8xNy4wLjEwXzcudGFyLmd6JzsgICAgICAgICAgOzsgICAgICAgIHBwYzY0ZWx8cG93ZXJwYzpjb21tb242NCkgICAgICAgICAgRVNVTT0nNGUxOGI2MGRiYTU0MGI1YzQzMWZmMDNmNzRhMWM3M2IyMmQ4MzE1MWY5M2I4NzY4MjQxZDI2NGQxYTUzNTgyZCc7ICAgICAgICAgIEJJTkFSWV9VUkw9J2h0dHBzOi8vZ2l0aHViLmNvbS9hZG9wdGl1bS90ZW11cmluMTctYmluYXJpZXMvcmVsZWFzZXMvZG93bmxvYWQvamRrLTE3LjAuMTAlMkI3L09wZW5KREsxN1UtanJlX3BwYzY0bGVfbGludXhfaG90c3BvdF8xNy4wLjEwXzcudGFyLmd6JzsgICAgICAgICAgOzsgICAgICAgIHMzOTB4fHMzOTA6NjQtYml0KSAgICAgICAgICBFU1VNPSdjMWIyZmQyMzJmYzU1ZTgxNDQ3OWQ3NTg1ZDdlYzQ1YmFlOTUyYTJmNDEzNzA4NGYxZDk5Zjk1OGM2ODgwYTQ5JzsgICAgICAgICAgQklOQVJZX1VSTD0naHR0cHM6Ly9naXRodWIuY29tL2Fkb3B0aXVtL3RlbXVyaW4xNy1iaW5hcmllcy9yZWxlYXNlcy9kb3dubG9hZC9qZGstMTcuMC4xMCUy
QjcvT3BlbkpESzE3VS1qcmVfczM5MHhfbGludXhfaG90c3BvdF8xNy4wLjEwXzcudGFyLmd6JzsgICAgICAgICAgOzsgICAgICAgICopICAgICAgICAgIGVjaG8gXCJVbnN1cHBvcnRlZCBhcmNoOiAke0FSQ0h9XCI7ICAgICAgICAgIGV4aXQgMTsgICAgICAgICAgOzsgICAgIGVzYWM7ICAgICB3Z2V0IC0tcHJvZ3Jlc3M9ZG90OmdpZ2EgLU8gL3RtcC9vcGVuamRrLnRhci5neiAke0JJTkFSWV9VUkx9OyAgICAgZWNobyBcIiR7RVNVTX0gKi90bXAvb3Blbmpkay50YXIuZ3pcIiB8IHNoYTI1NnN1bSAtYyAtOyAgICAgbWtkaXIgLXAgXCIkSkFWQV9IT01FXCI7ICAgICB0YXIgLS1leHRyYWN0ICAgICAgICAgLS1maWxlIC90bXAvb3Blbmpkay50YXIuZ3ogICAgICAgICAtLWRpcmVjdG9yeSBcIiRKQVZBX0hPTUVcIiAgICAgICAgIC0tc3RyaXAtY29tcG9uZW50cyAxICAgICAgICAgLS1uby1zYW1lLW93bmVyICAgICA7ICAgICBybSAtZiAvdG1wL29wZW5qZGsudGFyLmd6ICR7SkFWQV9IT01FfS9saWIvc3JjLnppcDsgICAgIGZpbmQgXCIkSkFWQV9IT01FL2xpYlwiIC1uYW1lICcqLnNvJyAtZXhlYyBkaXJuYW1lICd7fScgJzsnIHwgc29ydCAtdSBcdTAwM2UgL2V0Yy9sZC5zby5jb25mLmQvZG9ja2VyLW9wZW5qZGsuY29uZjsgICAgIGxkY29uZmlnOyAgICAgamF2YSAtWHNoYXJlOmR1bXA7ICMgYnVpbGRraXQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCJ9LHsiY3JlYXRlZCI6IjIwMjQtMDMtMjdUMTU6NDQ6MTJaIiwiY3JlYXRlZF9ieSI6IlJVTiAvYmluL3NoIC1jIHNldCAtZXV4OyAgICAgZWNobyBcIlZlcmlmeWluZyBpbnN0YWxsIC4uLlwiOyAgICAgZWNobyBcImphdmEgLS12ZXJzaW9uXCI7IGphdmEgLS12ZXJzaW9uOyAgICAgZWNobyBcIkNvbXBsZXRlLlwiICMgYnVpbGRraXQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCJ9LHsiY3JlYXRlZCI6IjIwMjQtMDMtMjdUMTU6NDQ6MTJaIiwiY3JlYXRlZF9ieSI6IkNPUFkgZW50cnlwb2ludC5zaCAvX19jYWNlcnRfZW50cnlwb2ludC5zaCAjIGJ1aWxka2l0IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAifSx7ImNyZWF0ZWQiOiIyMDI0LTAzLTI3VDE1OjQ0OjEyWiIsImNyZWF0ZWRfYnkiOiJFTlRSWVBPSU5UIFtcIi9fX2NhY2VydF9lbnRyeXBvaW50LnNoXCJdIiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNC0wNC0wOVQxMzowNjo0NS45NDE2OTAzNzdaIiwiY3JlYXRlZF9ieSI6IlJVTiAvYmluL3NoIC1jIGVjaG8gJ2RlYmNvbmYgZGViY29uZi9mcm9udGVuZCBzZWxlY3QgTm9uaW50ZXJhY3RpdmUnIHwgZGViY29uZi1zZXQtc2VsZWN0aW9ucyAjIGJ1aWxka2l0IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAifSx7ImNyZWF0ZWQiOiIyMDI0LTA0LTA5VDEzOjA3OjAzLjA0OTQ2MjM4NVoiLCJjcmVhdGVkX2J5IjoiUlVOIC9i
aW4vc2ggLWMgYXB0IHVwZGF0ZSBcdTAwMjZcdTAwMjYgICAgIGFwdCB1cGdyYWRlIC15IFx1MDAyNlx1MDAyNiAgICAgYXB0IGluc3RhbGwgLXkgc3VkbyBwcm9jcHMgbmV0LXRvb2xzICAgICAgYXB0LXV0aWxzIHdnZXQgY3VybCBjYS1jZXJ0aWZpY2F0ZXMganEgIyBidWlsZGtpdCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIn0seyJjcmVhdGVkIjoiMjAyNC0wNC0wOVQxMzowNzowOC42OTA0MDkxODFaIiwiY3JlYXRlZF9ieSI6IlJVTiAvYmluL3NoIC1jIGFwdCBpbnN0YWxsIC15IGxpYmFwcjEgbGliYXBydXRpbDEgXHUwMDI2XHUwMDI2ICAgICBlY2hvICdMRF9MSUJSQVJZX1BBVEg9JExEX0xJQlJBUllfUEFUSDovdXNyL2xvY2FsL2Fwci9saWInIFx1MDAzZVx1MDAzZSAvZXRjL3Byb2ZpbGUuZC9hcGFjaGVfdG9tY2F0X25hdGl2ZV9saWJyYXJ5LnNoIFx1MDAyNlx1MDAyNiAgICAgZWNobyAnZXhwb3J0IExEX0xJQlJBUllfUEFUSCcgXHUwMDNlXHUwMDNlIC9ldGMvcHJvZmlsZS5kL2FwYWNoZV90b21jYXRfbmF0aXZlX2xpYnJhcnkuc2ggIyBidWlsZGtpdCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIn0seyJjcmVhdGVkIjoiMjAyNC0wNC0wOVQxMzowNzoxMS4wODYxMjU1NloiLCJjcmVhdGVkX2J5IjoiUlVOIC9iaW4vc2ggLWMgYXB0IGNsZWFuIGF1dG9jbGVhbiBcdTAwMjZcdTAwMjYgICAgIGFwdCBhdXRvcmVtb3ZlIC15IFx1MDAyNlx1MDAyNiAgICAgcm0gLXJmIC92YXIvbGliL3thcHQsZHBrZyxjYWNoZSxsb2d9LyAjIGJ1aWxka2l0IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAifSx7ImNyZWF0ZWQiOiIyMDI0LTA0LTA5VDEzOjA3OjExLjE3Njk2NjQ1MVoiLCJjcmVhdGVkX2J5IjoiUlVOIC9iaW4vc2ggLWMgZWNobyAndW5zZXQgSElTVE9SWScgXHUwMDNlXHUwMDNlIC9ldGMvcHJvZmlsZS5kL2Rpc2FibGVfYmFzaF9oaXN0b3J5LnNoIFx1MDAyNlx1MDAyNiAgICAgZWNobyAnZXhwb3J0IEhJU1RTSVpFPTAnICBcdTAwM2VcdTAwM2UgL2V0Yy9wcm9maWxlLmQvZGlzYWJsZV9iYXNoX2hpc3Rvcnkuc2ggIyBidWlsZGtpdCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIn0seyJjcmVhdGVkIjoiMjAyNC0wNC0wOVQxMzowNzoxMS40MTE3OTU4NjVaIiwiY3JlYXRlZF9ieSI6IlJVTiAvYmluL3NoIC1jIG1rZGlyIC9vcHQvY2FtcyAvZXRjL3NzbC9jYW1zIFx1MDAyNlx1MDAyNiAgICAgZ3JvdXBhZGQgLWcgMTIwMCBjYW1zIFx1MDAyNlx1MDAyNiAgICAgYWRkdXNlciAtLXN5c3RlbSAtLXNoZWxsIC9zYmluL25vbG9naW4gLS1ob21lIC9vcHQvY2FtcyAtLWdpZCAxMjAwIC0tdWlkIDEyMDAgY2FtcyBcdTAwMjZcdTAwMjYgICAgIGNob3duIGNhbXM6Y2FtcyAvb3B0L2NhbXMgL2V0Yy9zc2wvY2FtcyBcdTAwMjZcdTAwMjYgICAgIGVjaG8gJ3NvdXJjZSAvZXRjL3Byb2ZpbGUnIFx1MDAzZVx1MDAzZSAvb3B0L2NhbXMvLmJhc2hyYyAjIGJ1aWxka2l0
IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAifSx7ImNyZWF0ZWQiOiIyMDI0LTA0LTA5VDEzOjA3OjExLjQ0MjUyMTI3WiIsImNyZWF0ZWRfYnkiOiJBREQgY2Ftcy5zdWRvZXJzIC9ldGMvc3Vkb2Vycy5kL2NhbXMgIyBidWlsZGtpdCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIn0seyJjcmVhdGVkIjoiMjAyNC0wNC0wOVQxMzowNzoxMS40ODQxOTIwMTVaIiwiY3JlYXRlZF9ieSI6IkNPUFkgLS1jaG93bj1jYW1zOmNhbXMgZG9ja2VyLWVudHJ5cG9pbnQuc2ggL3Vzci9sb2NhbC9iaW4gIyBidWlsZGtpdCIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIn0seyJjcmVhdGVkIjoiMjAyNC0wNC0wOVQxMzowNzoxMS41OTUxODAyNTJaIiwiY3JlYXRlZF9ieSI6IlJVTiAvYmluL3NoIC1jIGNobW9kIDc1NSAvdXNyL2xvY2FsL2Jpbi9kb2NrZXItZW50cnlwb2ludC5zaCBcdTAwMjZcdTAwMjYgICAgIGNobW9kIDY1MCAvZXRjL3N1ZG9lcnMuZC9jYW1zICMgYnVpbGRraXQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCJ9LHsiY3JlYXRlZCI6IjIwMjQtMDQtMDlUMTM6MDc6MTEuNzM3NDg5OTQ4WiIsImNyZWF0ZWRfYnkiOiJSVU4gL2Jpbi9zaCAtYyBta2RpciAtcCAkSkFWQV9IT01FL2pyZS9saWIvc2VjdXJpdHkvIFx1MDAyNlx1MDAyNiAgICAgZWNobyBcIm5ldHdvcmthZGRyZXNzLmNhY2hlLnR0bD02MFwiIFx1MDAzZVx1MDAzZSAkSkFWQV9IT01FL2pyZS9saWIvc2VjdXJpdHkvamF2YS5zZWN1cml0eSAjIGJ1aWxka2l0IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAifSx7ImNyZWF0ZWQiOiIyMDI0LTA0LTA5VDEzOjA3OjExLjc3MzAyMjM4WiIsImNyZWF0ZWRfYnkiOiJVU0VSIGNhbXMiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI0LTA0LTA5VDEzOjA3OjExLjc3MzAyMjM4WiIsImNyZWF0ZWRfYnkiOiJXT1JLRElSIC9vcHQvY2FtcyIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIn0seyJjcmVhdGVkIjoiMjAyNC0wNC0wOVQxMzowNzoxMS43NzMwMjIzOFoiLCJjcmVhdGVkX2J5IjoiRU5WIEpBVkFfT1BUUz0tWFg6TWluUkFNUGVyY2VudGFnZT01MCAtWFg6TWF4UkFNUGVyY2VudGFnZT04MCAtWFg6K1VzZUNvbnRhaW5lclN1cHBvcnQgU1BSSU5HX0NPTkZJR19MT0NBVElPTj1maWxlOi9ldGMvY2Ftcy8gU1BSSU5HX1BST0ZJTEVTX0FDVElWRT0gQ0FNU19BUFBMSUNBVElPTj1hcHBsaWNhdGlvbi5qYXIgQ0FNU19BUFBfUE9SVD04MDgwIiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNC0wNC0wOVQxMzowNzoxMS43NzMwMjIzOFoiLCJjcmVhdGVkX2J5IjoiRU5UUllQT0lOVCBbXCIvdXNyL2xvY2FsL2Jpbi9kb2NrZXItZW50cnlwb2ludC5zaFwiXSIsImNvbW1lbnQiOiJi
dWlsZGtpdC5kb2NrZXJmaWxlLnYwIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjQtMDQtMTBUMDY6MjM6MDkuMzg0NjUzNjE4WiIsImNyZWF0ZWRfYnkiOiJFTlYgVkVSU0lPTj0wLjE1MC4wIE5BTUU9am91cm5hbC1yZXBvcnQtc2VydmljZXMtYXBwIiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNC0wNC0xMFQwNjoyMzowOS4zODQ2NTM2MThaIiwiY3JlYXRlZF9ieSI6IkxBQkVMIGJ6Y29tcG9uZW50PWpvdXJuYWwtcmVwb3J0LXNlcnZpY2VzLWFwcCBuYW1lPWpvdXJuYWwtcmVwb3J0LXNlcnZpY2VzLWFwcCB2ZXJzaW9uPTAuMTUwLjAgcmVsZWFzZT0wLjE1MC4wIGFyY2hpdGVjdHVyZT0gbWFpbnRhaW5lcj1UZWNobmVzdCBJVCBcdTAwM2NpdEB0ZWNobmVzdC5lc1x1MDAzZSIsImNvbW1lbnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIiwiZW1wdHlfbGF5ZXIiOnRydWV9LHsiY3JlYXRlZCI6IjIwMjQtMDQtMTBUMDY6MjM6MDkuMzg0NjUzNjE4WiIsImNyZWF0ZWRfYnkiOiJVU0VSIHJvb3QiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCIsImVtcHR5X2xheWVyIjp0cnVlfSx7ImNyZWF0ZWQiOiIyMDI0LTA0LTEwVDA2OjIzOjA5LjM4NDY1MzYxOFoiLCJjcmVhdGVkX2J5IjoiUlVOIC9iaW4vc2ggLWMgYXB0IHVwZGF0ZSBcdTAwMjZcdTAwMjYgYXB0IGluc3RhbGwgLXkgZm9udGNvbmZpZyBmb250cy1mcmVlZm9udC10dGYgZm9udHMtZnJlZWZvbnQtdHRmIGZvbnRzLWRlamF2dS1jb3JlIGZvbnRzLWRlamF2dS1leHRyYSAjIGJ1aWxka2l0IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAifSx7ImNyZWF0ZWQiOiIyMDI0LTA0LTEwVDA2OjIzOjA5LjM4NDY1MzYxOFoiLCJjcmVhdGVkX2J5IjoiVVNFUiBjYW1zIiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAiLCJlbXB0eV9sYXllciI6dHJ1ZX0seyJjcmVhdGVkIjoiMjAyNC0wNC0xMFQwNjoyMzowOS40MTk5ODE3MDhaIiwiY3JlYXRlZF9ieSI6IldPUktESVIgL29wdC9jYW1zIiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAifSx7ImNyZWF0ZWQiOiIyMDI0LTA0LTEwVDA2OjIzOjEwLjYwMzE2NzAwOVoiLCJjcmVhdGVkX2J5IjoiQ09QWSAtLWNob3duPWNhbXM6Y2FtcyAqLmphciAvb3B0L2NhbXMvYXBwbGljYXRpb24uamFyICMgYnVpbGRraXQiLCJjb21tZW50IjoiYnVpbGRraXQuZG9ja2VyZmlsZS52MCJ9LHsiY3JlYXRlZCI6IjIwMjQtMDQtMTBUMDY6MjM6MTAuNjUyMjAxMDVaIiwiY3JlYXRlZF9ieSI6IkNPUFkgLS1jaG93bj1jYW1zOmNhbXMgY29uZmlnIC9ldGMvY2FtcyAjIGJ1aWxka2l0IiwiY29tbWVudCI6ImJ1aWxka2l0LmRvY2tlcmZpbGUudjAifSx7ImNyZWF0ZWQiOiIyMDI0LTA0LTEwVDA2OjIzOjEwLjY1MjIwMTA1WiIsImNyZWF0ZWRfYnkiOiJFWFBPU0UgbWFwWzgwODAvdGNwOnt9XSIsImNvbW1l
bnQiOiJidWlsZGtpdC5kb2NrZXJmaWxlLnYwIiwiZW1wdHlfbGF5ZXIiOnRydWV9XSwib3MiOiJsaW51eCIsInJvb3RmcyI6eyJ0eXBlIjoibGF5ZXJzIiwiZGlmZl9pZHMiOlsic2hhMjU2OjVmYWY5YzBhOWVmZTQ2NzVlY2QyMWE0ZWM0MTdkNTEwNzdkNWU3NWRhOWU2NzMxNjFhOTRlN2Q2Y2Q0M2Y5MmMiLCJzaGEyNTY6NjFiYjgzNTg1OWFmM2IzNDE4ZDllNTExNWVlMGQwNDIxZDc3MWFmNGI1NzYzNTRjYjQ3ZTQ5MTE4OTg0MTFlNiIsInNoYTI1NjowODlmMTNlODZkNjQ0N2I5MTgyYTIzY2E0ZTM1N2IxM2YwNjcyMDhkYjFiMDRiYTE0Y2FjM2VkYjUxYzJlNmE4Iiwic2hhMjU2OjhhNjk5MmFlMTI3ZDYwM2Q5ODE2YjRhYzhkMWIzYjNmNmIwYmIyOWIxZTY0ZTM4Yzg2MjQ3ODA1ZGU3OTdkY2QiLCJzaGEyNTY6MzFjOTFjYjExOTY4ODNhMDg2MWFhNWYxZDM2M2U2ZTM0MzA3MDQxODcwNGRiNDZlNDdkZjE3MzVlYjk1ZTQ3MyIsInNoYTI1NjoyYWRiNzQ1OTY2NDA4ODJlNzJkMWNmZDU5Njg0ZDFkMzA1M2E0ZWFjY2M4Y2JkNGZmNzY5YTZiYzEwMzczNmQ5Iiwic2hhMjU2OmQzYmQ1ZTdkM2E3NzFlMTEyZWQ1YjBmNjFiZTA1NDY1NGQ4MjhjNTE5OGY2YWVlMjlkYzU3ZmI0N2Y1ZWNlZGUiLCJzaGEyNTY6ZWJlODAxZmNiZTYyZDYyZDViZWUzOTk0NzQzZjNkNTU2ZWNlYTNjNmZjYWM5ZTRlYjljNGIxNTdjZmQ1YzA1ZCIsInNoYTI1Njo1ZjcwYmYxOGEwODYwMDcwMTZlOTQ4YjA0YWVkM2I4MjEwM2EzNmJlYTQxNzU1YjZjZGRmYWYxMGFjZTNjNmVmIiwic2hhMjU2OmNkZjA4MDg2ZGJiNGZmOGU5ZGU3YjU5ODZhNGZlNzIwYTkxYjM1MDg5MzI5ODhhOTkzMWE0NGJjNTk1YzA0NTEiLCJzaGEyNTY6NjJjZWU0NWJmZDhkZTMwMDNhMTc0NWJhNWNjZTgzNjQyOWI5NmZhYjAxNWQ2YzhkMzQ3ZWRiNWZjMmI4ZjUzOCIsInNoYTI1Njo3ZDkzZjc0ZjkwYTU2NmY5MGY2Y2U3MzNlMWYwM2U1OTI3NzBmMGViNTc5ZWJiMzMzOWFjNDM3MzI5MTNkY2Y1Iiwic2hhMjU2OmI2MjZmZTMxMTRkMWFiZDZjNjI5YzVhZGViNzY5ZmUyODExMmUwMjY4MjQyYTFiYzY2NDk3ZWM2YzZmZGRmYzAiLCJzaGEyNTY6ZWNkYzcyMWUwZjBlNDI0NDk1OGZkNmVkNGFhNjU4ZjYwMGY2NmNjNDllOGUyNTg2ODBiYmI4ZjA3ODFiMWVhZSIsInNoYTI1NjpjM2Y3ZDk3MzhkYjZmZTMzYWE0MWUzNTliMzVjY2FkNjdjNTJlOWUxZmUxZDJhYThhZTk4NmE1MmM2M2FiZGJjIiwic2hhMjU2OjVmNzBiZjE4YTA4NjAwNzAxNmU5NDhiMDRhZWQzYjgyMTAzYTM2YmVhNDE3NTViNmNkZGZhZjEwYWNlM2M2ZWYiLCJzaGEyNTY6NDMwNTQ4NzBjNWVlNzljOWM0ODlkYjQyYjA1NGQ4MzJlZDdhZDM4YmI4NWQ3ZDA4NWFlNmQ5ZWQwZmEyMjE5MSIsInNoYTI1Njo1ZjcwYmYxOGEwODYwMDcwMTZlOTQ4YjA0YWVkM2I4MjEwM2EzNmJlYTQxNzU1YjZjZGRmYWYxMGFjZTNjNmVmIiwic2hhMjU2OjYyOTkzMWUxNjU2OGI3MDEyYmM5NGZhOTcxMDg1MzAxZjgyMzk4MTI2OTBmZjI0MjJmY2JmMmEyMjQ3
NWViNTciLCJzaGEyNTY6OWZkZDdjMjBmYzA3OTI2NjljZjhlMTZhNzcwYzQwZDk5YzBmYTNiZjc0YjUxNTAwMjcwYjc2MmIxNDIwMDQ3ZCJdfX0=", + "repoDigests": [ + "REDACTED" + ], + "architecture": "amd64", + "os": "linux", + "labels": { + "architecture": "", + "bzcomponent": "REDACTED", + "maintainer": "REDACTED", + "name": "REDACTED", + "org.opencontainers.image.ref.name": "ubuntu", + "org.opencontainers.image.version": "20.04", + "release": "0.150.0", + "version": "0.150.0" + } + } + }, + "distro": { + "name": "ubuntu", + "version": "20.04", + "idLike": [ + "debian" + ] + }, + "descriptor": { + "name": "grype", + "version": "0.75.0", + "configuration": { + "output": [ + "json" + ], + "file": "container-report-linux-amd64.json", + "distro": "", + "add-cpes-if-none": false, + "output-template-file": "", + "check-for-app-update": true, + "only-fixed": false, + "only-notfixed": false, + "ignore-wontfix": "", + "platform": "linux/amd64", + "search": { + "scope": "squashed", + "unindexed-archives": false, + "indexed-archives": true + }, + "ignore": null, + "exclude": [], + "db": { + "cache-dir": "/root/.cache/grype/db", + "update-url": "https://toolbox-data.anchore.io/grype/databases/listing.json", + "ca-cert": "", + "auto-update": true, + "validate-by-hash-on-start": false, + "validate-age": true, + "max-allowed-built-age": 432000000000000, + "update-available-timeout": 30000000000, + "update-download-timeout": 120000000000 + }, + "externalSources": { + "enable": false, + "maven": { + "searchUpstreamBySha1": true, + "baseUrl": "https://search.maven.org/solrsearch/select" + } + }, + "match": { + "java": { + "using-cpes": false + }, + "dotnet": { + "using-cpes": false + }, + "golang": { + "using-cpes": false, + "always-use-cpe-for-stdlib": true + }, + "javascript": { + "using-cpes": false + }, + "python": { + "using-cpes": false + }, + "ruby": { + "using-cpes": false + }, + "rust": { + "using-cpes": false + }, + "stock": { + "using-cpes": true + } + }, + "fail-on-severity": "", + "registry": { + 
"insecure-skip-tls-verify": false, + "insecure-use-http": false, + "auth": null, + "ca-cert": "" + }, + "show-suppressed": false, + "by-cve": false, + "name": "", + "default-image-pull-source": "", + "vex-documents": [], + "vex-add": [] + }, + "db": { + "built": "2024-04-10T01:25:07Z", + "schemaVersion": 5, + "location": "/root/.cache/grype/db/5", + "checksum": "sha256:bb6e98b144551912bc9f1fe7381ad2b83c8e1d07d0b3a4c341bfea182ae1269c", + "error": null + }, + "timestamp": "2024-04-10T11:05:22.636338786Z" + } +} diff --git a/unittests/scans/anchore_grype/fix_not_available.json b/unittests/scans/anchore_grype/fix_not_available.json new file mode 100644 index 00000000000..a32a61b4c55 --- /dev/null +++ b/unittests/scans/anchore_grype/fix_not_available.json 
@@ -0,0 +1,313 @@ +{ + "matches": [ + { + "vulnerability": { + "id": "CVE-2009-3882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2009-3882", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html", + "http://java.sun.com/javase/6/webnotes/6u17.html", + "http://secunia.com/advisories/37386", + "http://security.gentoo.org/glsa/glsa-200911-02.xml", + "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084", + "https://bugzilla.redhat.com/show_bug.cgi?id=530175", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7300", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8841" + ], + "description": "Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to \"information leaks in mutable variables,\" aka Bug Id 6657026.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.4 + }, + "vendorMetadata": {} + } + ], + "fix": { + "versions": [], + "state": "unknown" + }, + "advisories": [] + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:oracle:openjdk:17.0.10+7\u0000-J-ms8m:*:*:*:*:*:*:*" + ], + "Package": { + "name": "java", + "version": "17.0.10+7\u0000-J-ms8m" + } + }, + "found": { + "vulnerabilityID": "CVE-2009-3882", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "9263533999d7e833", + "name": "java", + "version": "17.0.10+7\u0000-J-ms8m", + "type": "binary", + "locations": [ + { + "path": 
"/opt/java/openjdk/bin/java", + "layerID": "sha256:089f13e86d6447b9182a23ca4e357b13f067208db1b04ba14cac3edb51c2e6a8" + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:oracle:openjdk:17.0.10+7\u0000-J-ms8m:*:*:*:*:*:*:*" + ], + "purl": "pkg:generic/java@17.0.10%2B7\u0000-J-ms8m", + "upstreams": [] + } + } + ], + "source": { + "type": "image", + "target": { + "userInput": "REDACTED", + "imageID": "sha256:07a3eb7aaaaaaaaa69f29ff9a2945c9bb0a6592654421b8357c", + "manifestDigest": "sha256:4e1c538085614cbc0c9affbb206abbec3220118425409662e46b3d4bb71d1b6d", + "mediaType": "application/vnd.oci.image.manifest.v1+json", + "tags": [], + "imageSize": 514054352, + "layers": [ + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5faf9c0a9efe4675ecd21a4ec417d51077d5e75da9e673161a94e7d6cd43f92c", + "size": 72802466 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:61bb835859af3b3418d9e5115ee0d0421d771af4b576354cb47e4911898411e6", + "size": 45773705 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:089f13e86d6447b9182a23ca4e357b13f067208db1b04ba14cac3edb51c2e6a8", + "size": 140722808 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:8a6992ae127d603d9816b4ac8d1b3b3f6b0bb29b1e64e38c86247805de797dcd", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:31c91cb1196883a0861aa5f1d363e6e343070418704db46e47df1735eb95e473", + "size": 1182 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:2adb74596640882e72d1cfd59684d1d3053a4eaccc8cbd4ff769a6bc103736d9", + "size": 1780912 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:d3bd5e7d3a771e112ed5b0f61be054654d828c5198f6aee29dc57fb47f5ecede", + "size": 60515187 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": 
"sha256:ebe801fcbe62d62d5bee3994743f3d556ecea3c6fcac9e4eb9c4b157cfd5c05d", + "size": 1143874 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:cdf08086dbb4ff8e9de7b5986a4fe720a91b3508932988a9931a44bc595c0451", + "size": 32 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:62cee45bfd8de3003a1745ba5cce836429b96fab015d6c8d347edb5fc2b8f538", + "size": 393832 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:7d93f74f90a566f90f6ce733e1f03e592770f0eb579ebb3339ac43732913dcf5", + "size": 368 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:b626fe3114d1abd6c629c5adeb769fe28112e0268242a1bc66497ec6c6fddfc0", + "size": 1734 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:ecdc721e0f0e4244958fd6ed4aa658f600f66cc49e8e258680bbb8f0781b1eae", + "size": 2102 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:c3f7d9738db6fe33aa41e359b35ccad67c52e9e1fe1d2aa8ae986a52c63abdbc", + "size": 28 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:43054870c5ee79c9c489db42b054d832ed7ad38bb85d7d085ae6d9ed0fa22191", + "size": 31964241 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:629931e16568b7012bc94fa971085301f8239812690ff2422fcbf2a22475eb57", + "size": 158934808 + }, + 
{ + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:9fdd7c20fc0792669cf8e16a770c40d99c0fa3bf74b51500270b762b1420047d", + "size": 17073 + } + ], + "manifest": "ewogICJzY2hlbWFWZXJzaW9uIjogMiwKICAibWVkaWFUeXBlIjogImFwcGxpY2F0aW9uL3ZuZC5vY2kuaW1hZ2UubWFuaWZlc3QudjEranNvbiIsCiAgImNvbmZpZyI6IHsKICAgICJtZWRpYVR5cGUiOiAiYXBwbGljYXRpb24vdm5kLm9jaS5pbWFnZS5jb25maWcudjEranNvbiIsCiAgICAiZGlnZXN0IjogInNoYTI1NjowN2EzZWI3YjhlZTM2ZTkxYjZlMmIzZWU2YTFiOTY5ZjI5ZmY5YTI5NDVjOWJiMGE2NTkyNjU0NDIxYjgzNTdjIiwKICAgICJzaXplIjogMTE4ODgKICB9LAogICJsYXllcnMiOiBbCiAgICB7CiAgICAgICJtZWRpYVR5cGUiOiAiYXBwbGljYXRpb24vdm5kLm9jaS5pbWFnZS5sYXllci52MS50YXIrZ3ppcCIsCiAgICAgICJkaWdlc3QiOiAic2hhMjU2OjYzZTliYmUzMjMyNzRlNzdlNThkNzdjNmFiNjgwMmQyNDc0NThmNzg0MjIyZmJiMDdhMjU1NmQ2ZWM3NGVlMDUiLAogICAgICAic2l6ZSI6IDI4NTg0MzE3CiAgICB9LAogICAgewogICAgICAibWVkaWFUeXBlIjogImFwcGxpY2F0aW9uL3ZuZC5vY2kuaW1hZ2UubGF5ZXIudjEudGFyK2d6aXAiLAogICAgICAiZGlnZXN0IjogInNoYTI1Njo0NDgyYjE5MjIwMjFmYjdhNzE5MzI4MzEzMmM5MTQzYTQ2ZjhjNmUzZjIyNTgyY2NhYWViMzAyM2VmOGYwYWUzIiwKICAgICAgInNpemUiOiAxNjkyMDU2MwogICAgfSwKICAgIHsKICAgICAgIm1lZGlhVHlwZSI6ICJhcHBsaWNhdGlvbi92bmQub2NpLmltYWdlLmxheWVyLnYxLnRhcitnemlwIiwKICAgICAgImRpZ2VzdCI6ICJzaGEyNTY6MjJhZGMyZTM2ZjljODJkN2JiYTFiODJjZWExNjIxNmE2MWZhNzIzYzQ3MDlkMTAwZDM4OTVhNDRhZDBlYzlkYSIsCiAgICAgICJzaXplIjogNDcxNjQxMjYKICAgIH0sCiAgICB7CiAgICAgICJtZWRpYVR5cGUiOiAiYXBwbGljYXRpb24vdm5kLm9jaS5pbWFnZS5sYXllci52MS50YXIrZ3ppcCIsCiAgICAgICJkaWdlc3QiOiAic2hhMjU2OmE5MzkxN2Y4N2FjM2ExZTljMGM5MDJjYmMyNjcwNTMyZmYyMDhiOGI5NmE0NzAyYTUzMGU2ZmVkMzQyOGQ0MDkiLAogICAgICAic2l6ZSI6IDE1OQogICAgfSwKICAgIHsKICAgICAgIm1lZGlhVHlwZSI6ICJhcHBsaWNhdGlvbi92bmQub2NpLmltYWdlLmxheWVyLnYxLnRhcitnemlwIiwKICAgICAgImRpZ2VzdCI6ICJzaGEyNTY6ZmMwZDZlYzBmNmE0YWRiN2UwMGUyMDdjYzBmMWRmOTM0M2ViOTM0MDQxOTU1MTg4MjU2YWE5MGNhZTgwMDdjYiIsCiAgICAgICJzaXplIjogNzMzCiAgICB9LAogICAgewogICAgICAibWVkaWFUeXBlIjogImFwcGxpY2F0aW9uL3ZuZC5vY2kuaW1hZ2UubGF5ZXIudjEudGFyK2d6aXAiLAogICAgICAiZGlnZXN0IjogInNoYTI1NjozYjQwMjk2N2UxYjJhYWRlMDBjO
TkwZWFlZmQ3NjEyMjYzZTFkNTZlMzMyNTE0Yzg5OTljZGM2NjYyNzVhYmRkIiwKICAgICAgInNpemUiOiA0Njk2NDIKICAgIH0sCiAgICB7CiAgICAgICJtZWRpYVR5cGUiOiAiYXBwbGljYXRpb24vdm5kLm9jaS5pbWFnZS5sYXllci52MS50YXIrZ3ppcCIsCiAgICAgICJkaWdlc3QiOiAic2hhMjU2OjI3NTA5NjI4OTY4MjQ3ZDNmNTg5Yjk5NGUzNWU1NWI5YjJjNTI3NzQ0NGFjNGUyMzg5OTcwM2UzNjRhZjY1ZjUiLAogICAgICAic2l6ZSI6IDM4Njk3NzM5CiAgICB9LAogICAgewogICAgICAibWVkaWFUeXBlIjogImFwcGxpY2F0aW9uL3ZuZC5vY2kuaW1hZ2UubGF5ZXIudjEudGFyK2d6aXAiLAogICAgICAiZGlnZXN0IjogInNoYTI1Njo5ZWQwNmM0ZWRkMTllYzRjMDBhM2YxODlhMDNkOGM1Yzg0ODM4ZTc3MzQ3MTkwZDlmMTM1MDhkZDk5ZWZmMjk4IiwKICAgICAgInNpemUiOiAzNTA3MjcKICAgIH0sCiAgICB7CiAgICAgICJtZWRpYVR5cGUiOiAiYXBwbGljYXRpb24vdm5kLm9jaS5pbWFnZS5sYXllci52MS50YXIrZ3ppcCIsCiAgICAgICJkaWdlc3QiOiAic2hhMjU2OjRmNGZiNzAwZWY1NDQ2MWNmYTAyNTcxYWUwZGI5YTBkYzFlMGNkYjU1Nzc0ODRhNmQ3NWU2OGRjMzhlOGFjYzEiLAogICAgICAic2l6ZSI6IDMyCiAgICB9LAogICAgewogICAgICAibWVkaWFUeXBlIjogImFwcGxpY2F0aW9uL3ZuZC5vY2kuaW1hZ2UubGF5ZXIudjEudGFyK2d6aXAiLAogICAgICAiZGlnZXN0IjogInNoYTI1Njo3YTFhMTQxMTQ3ZjYyMTY2MmJlYWUyZDc5MzcwODMyODU4YjFiY2EzZDIyMmRkNzY0YTYwYjY4NGViN2E0NzNlIiwKICAgICAgInNpemUiOiAyMDYKICAgIH0sCiAgICB7CiAgICAgICJtZWRpYVR5cGUiOiAiYXBwbGljYXRpb24vdm5kLm9jaS5pbWFnZS5sYXllci52MS50YXIrZ3ppcCIsCiAgICAgICJkaWdlc3QiOiAic2hhMjU2OjJhM2YxNDM3NDVjNTBjMTRhMTJmZDBmYTdkOTAzYmY4MzBjZGQ2NTc2NDNhZWQ0MTVhNjMzMmEwMDdlMmEzMzMiLAogICAgICAic2l6ZSI6IDE5OTgKICAgIH0sCiAgICB7CiAgICAgICJtZWRpYVR5cGUiOiAiYXBwbGljYXRpb24vdm5kLm9jaS5pbWFnZS5sYXllci52MS50YXIrZ3ppcCIsCiAgICAgICJkaWdlc3QiOiAic2hhMjU2OmZjNTkxNmUxMWEzOTc5ZmM0NzFiOWFkMWU0NDIwMDBiZmI1YmQyNjJlZjg0YWFiOWYyMGJmODRiNzFmYmJkYzAiLAogICAgICAic2l6ZSI6IDM3NQogICAgfSwKICAgIHsKICAgICAgIm1lZGlhVHlwZSI6ICJhcHBsaWNhdGlvbi92bmQub2NpLmltYWdlLmxheWVyLnYxLnRhcitnemlwIiwKICAgICAgImRpZ2VzdCI6ICJzaGEyNTY6ZjE2MTJmYWNkMjhiNDIzOWEwNmE5OGZiNWUxMWMzMjViYmZkYmNkOGJjZWVkMDdlZDE2NjcxZWFkODdkOTQ2YiIsCiAgICAgICJzaXplIjogOTE1CiAgICB9LAogICAgewogICAgICAibWVkaWFUeXBlIjogImFwcGxpY2F0aW9uL3ZuZC5vY2kuaW1hZ2UubGF5ZXIudjEudGFyK2d6aXAiLAogICAgICAiZGlnZXN0IjogInNoYTI1NjoxMTFlY
TU5YmNiNjZjZjYxOTFiYzU5YTI4ZTU4ZTI0MzIyNjkwYmFlODU2MTc4MThjZDY5YTYxNzM0MjAwYWIyIiwKICAgICAgInNpemUiOiAxMTAzCiAgICB9LAogICAgewogICAgICAibWVkaWFUeXBlIjogImFwcGxpY2F0aW9uL3ZuZC5vY2kuaW1hZ2UubGF5ZXIudjEudGFyK2d6aXAiLAogICAgICAiZGlnZXN0IjogInNoYTI1NjoxYWIxNjY5OWQ2ZDlkNzVkYzg0MmE4ZjUzMTUxM2NiYzk4OWFiYTY0Y2UxZWEzNjA2YTIzMmRlMWU0ZWVkNGIzIiwKICAgICAgInNpemUiOiAyNTYKICAgIH0sCiAgICB7CiAgICAgICJtZWRpYVR5cGUiOiAiYXBwbGljYXRpb24vdm5kLm9jaS5pbWFnZS5sYXllci52MS50YXIrZ3ppcCIsCiAgICAgICJkaWdlc3QiOiAic2hhMjU2OjRmNGZiNzAwZWY1NDQ2MWNmYTAyNTcxYWUwZGI5YTBkYzFlMGNkYjU1Nzc0ODRhNmQ3NWU2OGRjMzhlOGFjYzEiLAogICAgICAic2l6ZSI6IDMyCiAgICB9LAogICAgewogICAgICAibWVkaWFUeXBlIjogImFwcGxpY2F0aW9uL3ZuZC5vY2kuaW1hZ2UubGF5ZXIudjEudGFyK2d6aXAiLAogICAgICAiZGlnZXN0IjogInNoYTI1NjpiMTMyMmJhYWE5Zjc3MmMwNzJlOWY0NDhkZjJkMDZiNjZkYmEyNzhkNTY3MGIyYWYwZDM5Njg0OTBkOTJlMzUwIiwKICAgICAgInNpemUiOiAxODg4MzQ2NgogICAgfSwKICAgIHsKICAgICAgIm1lZGlhVHlwZSI6ICJhcHBsaWNhdGlvbi92bmQub2NpLmltYWdlLmxheWVyLnYxLnRhcitnemlwIiwKICAgICAgImRpZ2VzdCI6ICJzaGEyNTY6NGY0ZmI3MDBlZjU0NDYxY2ZhMDI1NzFhZTBkYjlhMGRjMWUwY2RiNTU3NzQ4NGE2ZDc1ZTY4ZGMzOGU4YWNjMSIsCiAgICAgICJzaXplIjogMzIKICAgIH0sCiAgICB7CiAgICAgICJtZWRpYVR5cGUiOiAiYXBwbGljYXRpb24vdm5kLm9jaS5pbWFnZS5sYXllci52MS50YXIrZ3ppcCIsCiAgICAgICJkaWdlc3QiOiAic2hhMjU2OmExYzc5YjJlZjkwYmExZDlhZTMwZjNhOGNlNzEyYjQ0MGU0YWEyOGIxODc1NzA4ZmRjMTYwNzJkMTgyNTBhNmIiLAogICAgICAic2l6ZSI6IDE0OTQyMjY4OAogICAgfSwKICAgIHsKICAgICAgIm1lZGlhVHlwZSI6ICJhcHBsaWNhdGlvbi92bmQub2NpLmltYWdlLmxheWVyLnYxLnRhcitnemlwIiwKICAgICAgImRpZ2VzdCI6ICJzaGEyNTY6MzBhNmQ2NTMzN2JiOGE0Njg2MTUyMDVmMzFjOTJkYjZmMmRmYTFmMzJkNzI1Y2IxZjcwZjQwYjE4ODA1OGMyOSIsCiAgICAgICJzaXplIjogMzI1NgogICAgfQogIF0KfQ==", + "config": "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", + "repoDigests": [ + "REDACTED" + ], + "architecture": "amd64", + "os": "linux", + "labels": { + "architecture": "", + "bzcomponent": "REDACTED", + "maintainer": "REDACTED", + "name": "REDACTED", + "org.opencontainers.image.ref.name": "ubuntu", + "org.opencontainers.image.version": 
"20.04", + "release": "0.150.0", + "version": "0.150.0" + } + } + }, + "distro": { + "name": "ubuntu", + "version": "20.04", + "idLike": [ + "debian" + ] + }, + "descriptor": { + "name": "grype", + "version": "0.75.0", + "configuration": { + "output": [ + "json" + ], + "file": "container-report-linux-amd64.json", + "distro": "", + "add-cpes-if-none": false, + "output-template-file": "", + "check-for-app-update": true, + "only-fixed": false, + "only-notfixed": false, + "ignore-wontfix": "", + "platform": "linux/amd64", + "search": { + "scope": "squashed", + "unindexed-archives": false, + "indexed-archives": true + }, + "ignore": null, + "exclude": [], + "db": { + "cache-dir": "/root/.cache/grype/db", + "update-url": "https://toolbox-data.anchore.io/grype/databases/listing.json", + "ca-cert": "", + "auto-update": true, + "validate-by-hash-on-start": false, + "validate-age": true, + "max-allowed-built-age": 432000000000000, + "update-available-timeout": 30000000000, + "update-download-timeout": 120000000000 + }, + "externalSources": { + "enable": false, + "maven": { + "searchUpstreamBySha1": true, + "baseUrl": "https://search.maven.org/solrsearch/select" + } + }, + "match": { + "java": { + "using-cpes": false + }, + "dotnet": { + "using-cpes": false + }, + "golang": { + "using-cpes": false, + "always-use-cpe-for-stdlib": true + }, + "javascript": { + "using-cpes": false + }, + "python": { + "using-cpes": false + }, + "ruby": { + "using-cpes": false + }, + "rust": { + "using-cpes": false + }, + "stock": { + "using-cpes": true + } + }, + "fail-on-severity": "", + "registry": { + "insecure-skip-tls-verify": false, + "insecure-use-http": false, + "auth": null, + "ca-cert": "" + }, + "show-suppressed": false, + "by-cve": false, + "name": "", + "default-image-pull-source": "", + "vex-documents": [], + "vex-add": [] + }, + "db": { + "built": "2024-04-10T01:25:07Z", + "schemaVersion": 5, + "location": "/root/.cache/grype/db/5", + "checksum": 
"sha256:bb6e98b144551912bc9f1fe7381ad2b83c8e1d07d0b3a4c341bfea182ae1269c", + "error": null + }, + "timestamp": "2024-04-10T11:05:22.636338786Z" + } +} diff --git a/unittests/scans/n0s1/many_findings.json b/unittests/scans/n0s1/many_findings.json new file mode 100644 index 00000000000..839975ac3a3 --- /dev/null +++ b/unittests/scans/n0s1/many_findings.json 
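Review bot: The redaction in `fix_not_available.json` is incomplete: `userInput`, `repoDigests` and the image labels are `REDACTED` and the middle of `imageID` is masked, but the base64 `manifest` value under `source.target` is left intact and decodes to the OCI manifest, including the unmasked config digest and every layer digest. If the masking was meant to keep the scanned image from being identified, the blob undoes it; assuming the Anchore Grype parser under test does not read this field, replace it with `"manifest": "REDACTED",`. The same applies to the `config` blob of the fixture that ends just above this file's header, whose base64 appears to decode to the image build history, including the component name and maintainer address that the `labels` block redacts. Encoded blobs in scanner output are worth decoding and checking before a real report is committed as a test fixture.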
@@ -0,0 +1,1375 @@ +{ + "tool": { + "name": "n0s1", + "version": "1.0.30", + "author": "Spark 1 Security", + "scan_arguments": { + "scan_comment": true, + "post_comment": false, + "secret_manager": "a secret manager tool", + "contact_help": "contact@spark1.us", + "label": "n0s1bot_auto_comment_e869dd5fa15ca0749a350aac758c7f56f56ad9be1", + "report_format": "json", + "debug": false, + "show_matched_secret_on_logs": false, + "scan_target": "confluence_scan", + "timeout": null, + "limit": null, + "scan_scope": "" + } + }, + "scan_date": { + "timestamp": 1761751223.023414, + "date_utc": "2025-10-29T15:20:23" + }, + "regex_config": { + "title": "n0s1 config 20231115 v002", + "rules": [ + { + "id": "gitlab_personal_access_token", + "description": "GitLab Personal Access Token", + "regex": "\\bglpat-[0-9a-zA-Z_\\-]{20}\\b", + "tags": [ + "gitlab", + "revocation_type" + ], + "keywords": [ + "glpat" + ] + }, + { + "id": "gitlab_pipeline_trigger_token", + "description": "GitLab Pipeline Trigger Token", + "regex": "\\bglptt-[0-9a-zA-Z_\\-]{20}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "glptt" + ] + }, + { + "id": "gitlab_runner_registration_token", + "description": "GitLab Runner Registration Token", + "regex": "\\bGR1348941[0-9a-zA-Z_\\-]{20}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "GR1348941" + ] + }, + { + "id": "gitlab_runner_auth_token", + "description": "GitLab Runner Authentication Token", + "regex": "\\bglrt-[0-9a-zA-Z_\\-]{20}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "glrt" + ] + }, + { + "id": "gitlab_feed_token", + "description": "GitLab Feed Token", + "regex": "\\bfeed_token=[0-9a-zA-Z_\\-]{20}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "feed_token" + ] + }, + { + "id": "gitlab_oauth_app_secret", + "description": "GitLab OAuth Application Secrets", + "regex": "\\bgloas-[0-9a-zA-Z_\\-]{64}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "gloas" + ] + }, + { + "id": "gitlab_feed_token_v2", + "description": "GitLab Feed token", 
+ "regex": "\\bglft-[0-9a-zA-Z_\\-]{20}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "glft" + ] + }, + { + "id": "gitlab_kubernetes_agent_token", + "description": "GitLab Agent for Kubernetes token", + "regex": "\\bglagent-[0-9a-zA-Z_\\-]{50}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "glagent" + ] + }, + { + "id": "gitlab_incoming_email_token", + "description": "GitLab Incoming email token", + "regex": "\\bglimt-[0-9a-zA-Z_\\-]{25}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "glimt" + ] + }, + { + "id": "AWS", + "description": "AWS Access Token", + "regex": "\\bAKIA[0-9A-Z]{16}\\b", + "tags": [ + "aws", + "revocation_type" + ], + "keywords": [ + "AKIA" + ] + }, + { + "id": "PKCS8 private key", + "description": "PKCS8 private key", + "regex": "-----BEGIN PRIVATE KEY-----", + "keywords": [ + "-----BEGIN PRIVATE KEY-----" + ] + }, + { + "id": "RSA private key", + "description": "RSA private key", + "regex": "-----BEGIN RSA PRIVATE KEY-----", + "keywords": [ + "-----BEGIN RSA PRIVATE KEY-----" + ] + }, + { + "id": "SSH private key", + "description": "SSH private key", + "regex": "-----BEGIN OPENSSH PRIVATE KEY-----", + "keywords": [ + "-----BEGIN OPENSSH PRIVATE KEY-----" + ] + }, + { + "id": "PGP private key", + "description": "PGP private key", + "regex": "-----BEGIN PGP PRIVATE KEY BLOCK-----", + "keywords": [ + "-----BEGIN PGP PRIVATE KEY BLOCK-----" + ] + }, + { + "description": "systemd machine-id", + "id": "systemd-machine-id", + "path": "^machine-id$", + "regex": "^[0-9a-f]{32}\\n$", + "entropy": 3.5 + }, + { + "id": "Github Personal Access Token", + "description": "Github Personal Access Token", + "regex": "ghp_[0-9a-zA-Z]{36}", + "keywords": [ + "ghp_" + ] + }, + { + "id": "Github OAuth Access Token", + "description": "Github OAuth Access Token", + "regex": "gho_[0-9a-zA-Z]{36}", + "keywords": [ + "gho_" + ] + }, + { + "id": "SSH (DSA) private key", + "description": "SSH (DSA) private key", + "regex": "-----BEGIN DSA PRIVATE KEY-----", + 
"keywords": [ + "-----BEGIN DSA PRIVATE KEY-----" + ] + }, + { + "id": "SSH (EC) private key", + "description": "SSH (EC) private key", + "regex": "-----BEGIN EC PRIVATE KEY-----", + "keywords": [ + "-----BEGIN EC PRIVATE KEY-----" + ] + }, + { + "id": "Github App Token", + "description": "Github App Token", + "regex": "(ghu|ghs)_[0-9a-zA-Z]{36}", + "keywords": [ + "ghu_", + "ghs_" + ] + }, + { + "id": "Github Refresh Token", + "description": "Github Refresh Token", + "regex": "ghr_[0-9a-zA-Z]{76}", + "keywords": [ + "ghr_" + ] + }, + { + "id": "Shopify shared secret", + "description": "Shopify shared secret", + "regex": "shpss_[a-fA-F0-9]{32}", + "keywords": [ + "shpss_" + ] + }, + { + "id": "Shopify access token", + "description": "Shopify access token", + "regex": "shpat_[a-fA-F0-9]{32}", + "keywords": [ + "shpat_" + ] + }, + { + "id": "Shopify custom app access token", + "description": "Shopify custom app access token", + "regex": "shpca_[a-fA-F0-9]{32}", + "keywords": [ + "shpca_" + ] + }, + { + "id": "Shopify private app access token", + "description": "Shopify private app access token", + "regex": "shppa_[a-fA-F0-9]{32}", + "keywords": [ + "shppa_" + ] + }, + { + "id": "Slack token", + "description": "Slack token", + "regex": "xox[baprs]-([0-9a-zA-Z]{10,48})?", + "keywords": [ + "xoxb", + "xoxa", + "xoxp", + "xoxr", + "xoxs" + ] + }, + { + "id": "Stripe", + "description": "Stripe", + "regex": "(?i)(sk|pk)_(test|live)_[0-9a-z]{10,32}", + "keywords": [ + "sk_test", + "pk_test", + "sk_live", + "pk_live" + ] + }, + { + "id": "PyPI upload token", + "description": "PyPI upload token", + "regex": "pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}", + "tags": [ + "pypi", + "revocation_type" + ], + "keywords": [ + "pypi-AgEIcHlwaS5vcmc" + ] + }, + { + "id": "Google (GCP) Service-account", + "description": "Google (GCP) Service-account", + "tags": [ + "gitlab_partner_token", + "revocation_type" + ], + "regex": "\\\"private_key\\\":\\s*\\\"-{5}BEGIN PRIVATE 
KEY-{5}[\\s\\S]*?\",", + "keywords": [ + "service_account" + ] + }, + { + "id": "GCP API key", + "description": "GCP API keys can be misused to gain API quota from billed projects", + "tags": [ + "gitlab_partner_token", + "revocation_type" + ], + "regex": "(?i)\\b(AIza[0-9A-Za-z-_]{35})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "secretGroup": 1, + "keywords": [ + "AIza" + ] + }, + { + "id": "GCP OAuth client secret", + "description": "GCP OAuth client secrets can be misused to spoof your application", + "tags": [ + "gitlab_partner_token", + "revocation_type" + ], + "regex": "GOCSPX-[a-zA-Z0-9_-]{28}", + "keywords": [ + "GOCSPX-" + ] + }, + { + "id": "Password in URL", + "description": "Password in URL", + "regex": "[a-zA-Z]{3,10}:\\/\\/[^$][^:@\\/\\n]{3,20}:[^$][^:@\\n\\/]{3,40}@.{1,100}" + }, + { + "id": "Heroku API Key", + "description": "Heroku API Key", + "regex": "(?i)(?:heroku)(?:[0-9a-z\\-_\\t .]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:=|\\|\\|:|<=|=>|:)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:['|\\\"|\\n|\\r|\\s|\\x60]|$)", + "secretGroup": 1, + "keywords": [ + "heroku" + ] + }, + { + "id": "Slack Webhook", + "description": "Slack Webhook", + "regex": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{24}", + "keywords": [ + "https://hooks.slack.com/services" + ] + }, + { + "id": "Twilio API Key", + "description": "Twilio API Key", + "regex": "SK[0-9a-fA-F]{32}", + "keywords": [ + "SK", + "twilio" + ] + }, + { + "id": "Age secret key", + "description": "Age secret key", + "regex": "AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}", + "keywords": [ + "AGE-SECRET-KEY-1" + ] + }, + { + "id": "Facebook token", + "description": "Facebook token", + "regex": "(?i)(facebook[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "facebook" + ] + }, + { + "id": "Twitter token", + "description": "Twitter token", + 
"regex": "(?i)(twitter[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{35,44})['\\\"]", + "secretGroup": 3, + "keywords": [ + "twitter" + ] + }, + { + "id": "Adobe Client ID (Oauth Web)", + "description": "Adobe Client ID (Oauth Web)", + "regex": "(?i)(adobe[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "adobe" + ] + }, + { + "id": "Adobe Client Secret", + "description": "Adobe Client Secret", + "regex": "(p8e-)(?i)[a-z0-9]{32}", + "keywords": [ + "adobe", + "p8e-," + ] + }, + { + "id": "Alibaba AccessKey ID", + "description": "Alibaba AccessKey ID", + "regex": "(LTAI)(?i)[a-z0-9]{20}", + "keywords": [ + "LTAI" + ] + }, + { + "id": "Alibaba Secret Key", + "description": "Alibaba Secret Key", + "regex": "(?i)(alibaba[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{30})['\\\"]", + "secretGroup": 3, + "keywords": [ + "alibaba" + ] + }, + { + "id": "Asana Client ID", + "description": "Asana Client ID", + "regex": "(?i)(asana[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([0-9]{16})['\\\"]", + "secretGroup": 3, + "keywords": [ + "asana" + ] + }, + { + "id": "Asana Client Secret", + "description": "Asana Client Secret", + "regex": "(?i)(asana[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "asana" + ] + }, + { + "id": "Atlassian API token", + "description": "Atlassian API token", + "regex": "(?i)(atlassian[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{24})['\\\"]", + "secretGroup": 3, + "keywords": [ + "atlassian" + ] + }, + { + "id": "Bitbucket client ID", + "description": "Bitbucket client ID", + "regex": "(?i)(bitbucket[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "bitbucket" + ] + }, + { + "id": "Bitbucket client secret", + "description": "Bitbucket client secret", + "regex": 
"(?i)(bitbucket[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9_\\-]{64})['\\\"]", + "secretGroup": 3, + "keywords": [ + "bitbucket" + ] + }, + { + "id": "Beamer API token", + "description": "Beamer API token", + "regex": "(?i)(beamer[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"](b_[a-z0-9=_\\-]{44})['\\\"]", + "secretGroup": 3, + "keywords": [ + "beamer" + ] + }, + { + "id": "Clojars API token", + "description": "Clojars API token", + "regex": "(CLOJARS_)(?i)[a-z0-9]{60}", + "keywords": [ + "CLOJARS_" + ] + }, + { + "id": "Contentful delivery API token", + "description": "Contentful delivery API token", + "regex": "(?i)(contentful[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9\\-=_]{43})['\\\"]", + "secretGroup": 3, + "keywords": [ + "contentful" + ] + }, + { + "id": "Contentful preview API token", + "description": "Contentful preview API token", + "regex": "(?i)(contentful[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9\\-=_]{43})['\\\"]", + "secretGroup": 3, + "keywords": [ + "contentful" + ] + }, + { + "id": "Databricks API token", + "description": "Databricks API token", + "regex": "dapi[a-h0-9]{32}", + "keywords": [ + "dapi", + "databricks" + ] + }, + { + "description": "DigitalOcean OAuth Access Token", + "id": "digitalocean-access-token", + "regex": "(?i)\\b(doo_v1_[a-f0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "secretGroup": 1, + "keywords": [ + "doo_v1_" + ] + }, + { + "description": "DigitalOcean Personal Access Token", + "id": "digitalocean-pat", + "regex": "(?i)\\b(dop_v1_[a-f0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "secretGroup": 1, + "keywords": [ + "dop_v1_" + ] + }, + { + "description": "DigitalOcean OAuth Refresh Token", + "id": "digitalocean-refresh-token", + "regex": "(?i)\\b(dor_v1_[a-f0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "secretGroup": 1, + "keywords": [ + "dor_v1_" + ] + }, + { + "id": "Discord API key", + "description": "Discord API key", + "regex": 
"(?i)(discord[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-h0-9]{64})['\\\"]", + "secretGroup": 3, + "keywords": [ + "discord" + ] + }, + { + "id": "Discord client ID", + "description": "Discord client ID", + "regex": "(?i)(discord[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([0-9]{18})['\\\"]", + "secretGroup": 3, + "keywords": [ + "discord" + ] + }, + { + "id": "Discord client secret", + "description": "Discord client secret", + "regex": "(?i)(discord[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9=_\\-]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "discord" + ] + }, + { + "id": "Doppler API token", + "description": "Doppler API token", + "regex": "['\\\"](dp\\.pt\\.)(?i)[a-z0-9]{43}['\\\"]", + "keywords": [ + "doppler" + ] + }, + { + "id": "Dropbox API secret/key", + "description": "Dropbox API secret/key", + "regex": "(?i)(dropbox[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{15})['\\\"]", + "keywords": [ + "dropbox" + ] + }, + { + "id": "Dropbox short lived API token", + "description": "Dropbox short lived API token", + "regex": "(?i)(dropbox[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"](sl\\.[a-z0-9\\-=_]{135})['\\\"]", + "keywords": [ + "dropbox" + ] + }, + { + "id": "Dropbox long lived API token", + "description": "Dropbox long lived API token", + "regex": "(?i)(dropbox[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"][a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\\-_=]{43}['\\\"]", + "keywords": [ + "dropbox" + ] + }, + { + "id": "Duffel API token", + "description": "Duffel API token", + "regex": "['\\\"]duffel_(test|live)_(?i)[a-z0-9_-]{43}['\\\"]", + "keywords": [ + "duffel" + ] + }, + { + "id": "Dynatrace API token", + "description": "Dynatrace API token", + "regex": "['\\\"]dt0c01\\.(?i)[a-z0-9]{24}\\.[a-z0-9]{64}['\\\"]", + "keywords": [ + "dt0c01" + ] + }, + { + "id": "EasyPost API token", + "description": "EasyPost API token", + "regex": 
"['\\\"]EZAK(?i)[a-z0-9]{54}['\\\"]", + "keywords": [ + "EZAK" + ] + }, + { + "id": "EasyPost test API token", + "description": "EasyPost test API token", + "regex": "['\\\"]EZTK(?i)[a-z0-9]{54}['\\\"]", + "keywords": [ + "EZTK" + ] + }, + { + "id": "Fastly API token", + "description": "Fastly API token", + "regex": "(?i)(fastly[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9\\-=_]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "fastly" + ] + }, + { + "id": "Finicity client secret", + "description": "Finicity client secret", + "regex": "(?i)(finicity[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{20})['\\\"]", + "secretGroup": 3, + "keywords": [ + "finicity" + ] + }, + { + "id": "Finicity API token", + "description": "Finicity API token", + "regex": "(?i)(finicity[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "finicity" + ] + }, + { + "id": "Flutterwave public key", + "description": "Flutterwave public key", + "regex": "FLWPUBK_TEST-(?i)[a-h0-9]{32}-X", + "keywords": [ + "FLWPUBK_TEST" + ] + }, + { + "id": "Flutterwave secret key", + "description": "Flutterwave secret key", + "regex": "FLWSECK_TEST-(?i)[a-h0-9]{32}-X", + "keywords": [ + "FLWSECK_TEST" + ] + }, + { + "id": "Flutterwave encrypted key", + "description": "Flutterwave encrypted key", + "regex": "FLWSECK_TEST[a-h0-9]{12}", + "keywords": [ + "FLWSECK_TEST" + ] + }, + { + "id": "Frame.io API token", + "description": "Frame.io API token", + "regex": "fio-u-(?i)[a-z0-9-_=]{64}", + "keywords": [ + "fio-u-" + ] + }, + { + "id": "GoCardless API token", + "description": "GoCardless API token", + "regex": "['\\\"]live_(?i)[a-z0-9-_=]{40}['\\\"]", + "keywords": [ + "gocardless" + ] + }, + { + "id": "Grafana API token", + "description": "Grafana API token", + "regex": "['\\\"]eyJrIjoi(?i)[a-z0-9-_=]{72,92}['\\\"]", + "keywords": [ + "grafana" + ] + }, + { + "id": "Hashicorp Terraform user/org API 
token", + "description": "Hashicorp Terraform user/org API token", + "regex": "['\\\"](?i)[a-z0-9]{14}\\.atlasv1\\.[a-z0-9-_=]{60,70}['\\\"]", + "keywords": [ + "atlasv1", + "hashicorp", + "terraform" + ] + }, + { + "id": "Hashicorp Vault batch token", + "description": "Hashicorp Vault batch token", + "regex": "b\\.AAAAAQ[0-9a-zA-Z_-]{156}", + "keywords": [ + "hashicorp", + "AAAAAQ", + "vault" + ] + }, + { + "id": "Hubspot API token", + "description": "Hubspot API token", + "regex": "(?i)(hubspot[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\\\"]", + "secretGroup": 3, + "keywords": [ + "hubspot" + ] + }, + { + "id": "Intercom API token", + "description": "Intercom API token", + "regex": "(?i)(intercom[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9=_]{60})['\\\"]", + "secretGroup": 3, + "keywords": [ + "intercom" + ] + }, + { + "id": "Intercom client secret/ID", + "description": "Intercom client secret/ID", + "regex": "(?i)(intercom[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\\\"]", + "secretGroup": 3, + "keywords": [ + "intercom" + ] + }, + { + "id": "Ionic API token", + "description": "Ionic API token", + "regex": "ion_(?i)[a-z0-9]{42}", + "keywords": [ + "ion_" + ] + }, + { + "id": "Linear API token", + "description": "Linear API token", + "regex": "lin_api_(?i)[a-z0-9]{40}", + "keywords": [ + "lin_api_" + ] + }, + { + "id": "Linear client secret/ID", + "description": "Linear client secret/ID", + "regex": "(?i)(linear[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "linear" + ] + }, + { + "id": "Lob API Key", + "description": "Lob API Key", + "regex": "(?i)(lob[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]((live|test)_[a-f0-9]{35})['\\\"]", + "secretGroup": 3, + "keywords": [ + "lob" + ] + }, + { + "id": 
"Lob Publishable API Key", + "description": "Lob Publishable API Key", + "regex": "(?i)(lob[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]((test|live)_pub_[a-f0-9]{31})['\\\"]", + "secretGroup": 3, + "keywords": [ + "lob" + ] + }, + { + "id": "Mailchimp API key", + "description": "Mailchimp API key", + "regex": "(?i)(mailchimp[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{32}-us20)['\\\"]", + "secretGroup": 3, + "keywords": [ + "mailchimp" + ] + }, + { + "id": "Mailgun private API token", + "description": "Mailgun private API token", + "regex": "(?i)(mailgun[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"](key-[a-f0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "mailgun" + ] + }, + { + "id": "Mailgun public validation key", + "description": "Mailgun public validation key", + "regex": "(?i)(mailgun[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"](pubkey-[a-f0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "mailgun" + ] + }, + { + "id": "Mailgun webhook signing key", + "description": "Mailgun webhook signing key", + "regex": "(?i)(mailgun[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})['\\\"]", + "secretGroup": 3, + "keywords": [ + "mailgun" + ] + }, + { + "id": "Mapbox API token", + "description": "Mapbox API token", + "regex": "(?i)(pk\\.[a-z0-9]{60}\\.[a-z0-9]{22})", + "keywords": [ + "mapbox" + ] + }, + { + "id": "messagebird-api-token", + "description": "MessageBird API token", + "regex": "(?i)(messagebird[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{25})['\\\"]", + "secretGroup": 3, + "keywords": [ + "messagebird" + ] + }, + { + "id": "MessageBird API client ID", + "description": "MessageBird API client ID", + "regex": "(?i)(messagebird[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\\\"]", + "secretGroup": 3, + "keywords": [ + "messagebird" + ] + 
}, + { + "id": "New Relic user API Key", + "description": "New Relic user API Key", + "regex": "['\\\"](NRAK-[A-Z0-9]{27})['\\\"]", + "keywords": [ + "NRAK" + ] + }, + { + "id": "New Relic user API ID", + "description": "New Relic user API ID", + "regex": "(?i)(newrelic[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([A-Z0-9]{64})['\\\"]", + "secretGroup": 3, + "keywords": [ + "newrelic" + ] + }, + { + "id": "New Relic ingest browser API token", + "description": "New Relic ingest browser API token", + "regex": "['\\\"](NRJS-[a-f0-9]{19})['\\\"]", + "keywords": [ + "NRJS" + ] + }, + { + "id": "npm access token", + "description": "npm access token", + "regex": "['\\\"](npm_(?i)[a-z0-9]{36})['\\\"]", + "keywords": [ + "npm_" + ] + }, + { + "id": "Planetscale password", + "description": "Planetscale password", + "regex": "pscale_pw_(?i)[a-z0-9\\-_\\.]{43}", + "keywords": [ + "pscale_pw_" + ] + }, + { + "id": "Planetscale API token", + "description": "Planetscale API token", + "regex": "pscale_tkn_(?i)[a-z0-9\\-_\\.]{43}", + "keywords": [ + "pscale_tkn_" + ] + }, + { + "id": "Postman API token", + "description": "Postman API token", + "regex": "PMAK-(?i)[a-f0-9]{24}\\-[a-f0-9]{34}", + "keywords": [ + "PMAK-" + ] + }, + { + "id": "Pulumi API token", + "description": "Pulumi API token", + "regex": "pul-[a-f0-9]{40}", + "keywords": [ + "pul-" + ] + }, + { + "id": "Rubygem API token", + "description": "Rubygem API token", + "regex": "rubygems_[a-f0-9]{48}", + "keywords": [ + "rubygems_" + ] + }, + { + "id": "Segment Public API token", + "description": "Segment Public API token", + "regex": "sgp_[a-zA-Z0-9]{64}", + "keywords": [ + "sgp_" + ] + }, + { + "id": "Sendgrid API token", + "description": "Sendgrid API token", + "regex": "SG\\.(?i)[a-z0-9_\\-\\.]{66}", + "keywords": [ + "sendgrid" + ] + }, + { + "id": "Sendinblue API token", + "description": "Sendinblue API token", + "regex": "xkeysib-[a-f0-9]{64}\\-(?i)[a-z0-9]{16}", + "keywords": [ + "xkeysib-" + ] + }, 
+ { + "id": "Sendinblue SMTP token", + "description": "Sendinblue SMTP token", + "regex": "xsmtpsib-[a-f0-9]{64}\\-(?i)[a-z0-9]{16}", + "keywords": [ + "xsmtpsib-" + ] + }, + { + "id": "Shippo API token", + "description": "Shippo API token", + "regex": "shippo_(live|test)_[a-f0-9]{40}", + "keywords": [ + "shippo_" + ] + }, + { + "id": "Linkedin Client secret", + "description": "Linkedin Client secret", + "regex": "(?i)(linkedin[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z]{16})['\\\"]", + "secretGroup": 3, + "keywords": [ + "linkedin" + ] + }, + { + "id": "Linkedin Client ID", + "description": "Linkedin Client ID", + "regex": "(?i)(linkedin[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{14})['\\\"]", + "secretGroup": 3, + "keywords": [ + "linkedin" + ] + }, + { + "id": "Twitch API token", + "description": "Twitch API token", + "regex": "(?i)(twitch[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{30})['\\\"]", + "secretGroup": 3, + "keywords": [ + "twitch" + ] + }, + { + "id": "Typeform API token", + "description": "Typeform API token", + "regex": "(?i)(typeform[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}(tfp_[a-z0-9\\-_\\.=]{59})", + "secretGroup": 3, + "keywords": [ + "typeform" + ] + }, + { + "id": "Yandex.Cloud IAM Cookie v1 - 1", + "description": "Yandex.Cloud IAM Cookie v1", + "regex": "\\bc1\\.[A-Z0-9a-z_-]+[=]{0,2}\\.[A-Z0-9a-z_-]{86}[=]{0,2}['|\\\"|\\n|\\r|\\s|\\x60]", + "keywords": [ + "yandex" + ] + }, + { + "id": "Yandex.Cloud IAM Cookie v1 - 2", + "description": "Yandex.Cloud IAM Token v1", + "regex": "\\bt1\\.[A-Z0-9a-z_-]+[=]{0,2}\\.[A-Z0-9a-z_-]{86}[=]{0,2}['|\\\"|\\n|\\r|\\s|\\x60]", + "keywords": [ + "yandex" + ] + }, + { + "id": "Yandex.Cloud IAM Cookie v1 - 3", + "description": "Yandex.Cloud IAM API key v1", + "regex": "\\bAQVN[A-Za-z0-9_\\-]{35,38}['|\\\"|\\n|\\r|\\s|\\x60]", + "keywords": [ + "yandex" + ] + }, + { + "id": "Yandex.Cloud AWS API compatible Access Secret", + 
"description": "Yandex.Cloud AWS API compatible Access Secret", + "regex": "\\bYC[a-zA-Z0-9_\\-]{38}['|\\\"|\\n|\\r|\\s|\\x60]", + "keywords": [ + "yandex" + ] + }, + { + "id": "Meta access token", + "description": "Meta access token", + "regex": "\\bEA[a-zA-Z0-9]{90,400}['|\\\"|\\n|\\r|\\s|\\x60]", + "keywords": [ + "EA" + ] + }, + { + "id": "Oculus access token", + "description": "Oculus access token", + "regex": "\\bOC[a-zA-Z0-9]{90,400}['|\\\"|\\n|\\r|\\s|\\x60]", + "keywords": [ + "OC" + ] + }, + { + "id": "Instagram access token", + "description": "Instagram access token", + "regex": "\\bIG[a-zA-Z0-9]{90,400}['|\\\"|\\n|\\r|\\s|\\x60]", + "keywords": [ + "IG" + ] + }, + { + "id": "CircleCI access tokens", + "description": "CircleCI access tokens", + "regex": "\\bCCI(?:PAT|PRJ)_[a-zA-Z0-9]{22}_[a-f0-9]{40}", + "keywords": [ + "CircleCI" + ] + }, + { + "description": "Open AI API key", + "id": "open ai token", + "regex": "\\bsk-[a-zA-Z0-9]{48}\\b", + "keywords": [ + "sk-" + ] + }, + { + "id": "Tailscale key", + "description": "Tailscale keys", + "regex": "\\btskey-\\w+-\\w+-\\w+\\b", + "keywords": [ + "tskey-" + ] + } + ] + }, + "findings": { + "49757d656e182f9732f85b94d8131b351dc7cddcf4038b338064af51450986f1": { + "id": "49757d656e182f9732f85b94d8131b351dc7cddcf4038b338064af51450986f1", + "url": "https://testing.atlassian.net/wiki/spaces/CS/pages/19968862/007-3.3+Configuration", + "secret": "##\naws.access.keyId=\naws.access.secretKe", + "details": { + "matched_regex_config": { + "id": "AWS", + "description": "AWS Access Token", + "regex": "\\bAKIA[0-9A-Z]{16}\\b", + "tags": [ + "aws", + "revocation_type" + ], + "keywords": [ + "AKIA" + ] + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "05610c1c48395ed79b7b4b4dbce7407a4bfb8bdbb8d3edce785d172ac2a68e18": { + "id": "05610c1c48395ed79b7b4b4dbce7407a4bfb8bdbb8d3edce785d172ac2a68e18", + "url": "https://testing.atlassian.net/wiki/spaces/DAT/pages/25002228/Atlas+DB+Connector", + "secret": 
"ostgres url\n\nurl = \"\nengine = sqlalchemy", + "details": { + "matched_regex_config": { + "id": "Password in URL", + "description": "Password in URL", + "regex": "[a-zA-Z]{3,10}:\\/\\/[^$][^:@\\/\\n]{3,20}:[^$][^:@\\n\\/]{3,40}@.{1,100}" + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "d2e4247f2926ba8fec40a059cca536748af3c2011fce265f0f15e5cfd9bb552b": { + "id": "d2e4247f2926ba8fec40a059cca536748af3c2011fce265f0f15e5cfd9bb552b", + "url": "https://testing.atlassian.net/wiki/spaces/DS/pages/21540885/Safeguard+-+other+DB+engines+for+the+audio+hashes", + "secret": "ONNECTION_STRING = '\nclient = MongoClien", + "details": { + "matched_regex_config": { + "id": "Password in URL", + "description": "Password in URL", + "regex": "[a-zA-Z]{3,10}:\\/\\/[^$][^:@\\/\\n]{3,20}:[^$][^:@\\n\\/]{3,40}@.{1,100}" + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "bf2e6402fd0d051f87682f0fd2c83fc30737c17657f436ba6c8ce2508af6f623": { + "id": "bf2e6402fd0d051f87682f0fd2c83fc30737c17657f436ba6c8ce2508af6f623", + "url": "https://testing.atlassian.net/wiki/spaces/DMP/pages/1288474/SSH+Tunnel+to+Cloud+SQL", + "secret": "hemy.create_engine('\n\tSession = sessionm", + "details": { + "matched_regex_config": { + "id": "Password in URL", + "description": "Password in URL", + "regex": "[a-zA-Z]{3,10}:\\/\\/[^$][^:@\\/\\n]{3,20}:[^$][^:@\\n\\/]{3,40}@.{1,100}" + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "e1343d4d60f2a5eb87ec4472c331c7c2ef7da737b0376bd199067fc4377b5e0c": { + "id": "e1343d4d60f2a5eb87ec4472c331c7c2ef7da737b0376bd199067fc4377b5e0c", + "url": "https://testing.atlassian.net/wiki/spaces/PROBILLER/pages/29948310/Adding+a+new+support+site+BE", + "secret": "olspan=\"1\">>\"\n\t}\n}]]>"
      &", + "details": { + "matched_regex_config": { + "id": "Stripe", + "description": "Stripe", + "regex": "(?i)(sk|pk)_(test|live)_[0-9a-z]{10,32}", + "keywords": [ + "sk_test", + "pk_test", + "sk_live", + "pk_live" + ] + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "8e01b92cb297f9b6041964559ddeed1bcfe61599310dab067f2f09fb7531281b": { + "id": "8e01b92cb297f9b6041964559ddeed1bcfe61599310dab067f2f09fb7531281b", + "url": "https://testing.atlassian.net/wiki/spaces/PROBILLER/pages/30154330/TODO+NOTE+FOR+Request", + "secret": "olspan=\"1\">
    o\\nMIIEvgIBADANBgkqhk", + "details": { + "matched_regex_config": { + "id": "PKCS8 private key", + "description": "PKCS8 private key", + "regex": "-----BEGIN PRIVATE KEY-----", + "keywords": [ + "-----BEGIN PRIVATE KEY-----" + ] + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "8c6469ccd4deab89a9f6c6317f84c7deec651210136c3d0462cae45808224e88": { + "id": "8c6469ccd4deab89a9f6c6317f84c7deec651210136c3d0462cae45808224e88", + "url": "https://testing.atlassian.net/wiki/spaces/PROBILLER/pages/30154387/List+of+Google+Experiments", + "secret": "te_key": "\\nMIIEvgIBADANBgkqhk", + "details": { + "matched_regex_config": { + "id": "PKCS8 private key", + "description": "PKCS8 private key", + "regex": "-----BEGIN PRIVATE KEY-----", + "keywords": [ + "-----BEGIN PRIVATE KEY-----" + ] + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "db44576aaaf05a1dd3337c4c55739d1c981346b4745615814f2543575a7e0a4f": { + "id": "db44576aaaf05a1dd3337c4c55739d1c981346b4745615814f2543575a7e0a4f", + "url": "https://testing.atlassian.net/wiki/spaces/INFSEC/pages/43549424/Legal+Workflows", + "secret": "xy_auth = 'otating.proxyrack.ne", + "details": { + "matched_regex_config": { + "id": "Password in URL", + "description": "Password in URL", + "regex": "[a-zA-Z]{3,10}:\\/\\/[^$][^:@\\/\\n]{3,20}:[^$][^:@\\n\\/]{3,40}@.{1,100}" + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "95313351d245a509fdceca3c8c0b7549d078f915c75bfc423cab13c706ba0006": { + "id": "95313351d245a509fdceca3c8c0b7549d078f915c75bfc423cab13c706ba0006", + "url": "https://testing.atlassian.net/wiki/spaces/MGNUT/pages/23112821/Postman", + "secret": "-header 'X-Api-Key: '

    2. Base", + "details": { + "matched_regex_config": { + "id": "Postman API token", + "description": "Postman API token", + "regex": "PMAK-(?i)[a-f0-9]{24}\\-[a-f0-9]{34}", + "keywords": [ + "PMAK-" + ] + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "f98f3c10baeb90fed6e138c82b697c99d7c89dbf30958b4ad971da89b8fd13df": { + "id": "f98f3c10baeb90fed6e138c82b697c99d7c89dbf30958b4ad971da89b8fd13df", + "url": "https://testing.atlassian.net/wiki/spaces/mobi/pages/15569913/Useful+commands", + "secret": "[CDATA[curl -IL -x \"\n\nOR\n\ncurl -IL -x vi", + "details": { + "matched_regex_config": { + "id": "Password in URL", + "description": "Password in URL", + "regex": "[a-zA-Z]{3,10}:\\/\\/[^$][^:@\\/\\n]{3,20}:[^$][^:@\\n\\/]{3,40}@.{1,100}" + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "3a07f81938c833cf5ba2af471965a5204343cb2013371a5a897fd9298e37ad65": { + "id": "3a07f81938c833cf5ba2af471965a5204343cb2013371a5a897fd9298e37ad65", + "url": "https://testing.atlassian.net/wiki/spaces/NIC/pages/7604505/Distributions+Environments", + "secret": " \"current_key\": \"\n }\n ],\n", + "details": { + "matched_regex_config": { + "id": "GCP API key", + "description": "GCP API keys can be misused to gain API quota from billed projects", + "tags": [ + "gitlab_partner_token", + "revocation_type" + ], + "regex": "(?i)\\b(AIza[0-9A-Za-z-_]{35})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "secretGroup": 1, + "keywords": [ + "AIza" + ] + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "b9dcabfcbfada43276938c2a20cfc6850f66b03c8dba12ed23e1bb04a57f9e2c": { + "id": "b9dcabfcbfada43276938c2a20cfc6850f66b03c8dba12ed23e1bb04a57f9e2c", + "url": "https://testing.atlassian.net/wiki/spaces/NIC/pages/7663554/Compliance+Operations", + "secret": "56&X-Amz-Credential=%2F20210713%2Fus-eas", + "details": { + "matched_regex_config": { + "id": "AWS", + "description": "AWS Access Token", + "regex": "\\bAKIA[0-9A-Z]{16}\\b", + "tags": [ 
+ "aws", + "revocation_type" + ], + "keywords": [ + "AKIA" + ] + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "f052f9155e7489bf779a45ec416e5d23a4c63e26ea5527486290b1ea29cffa65": { + "id": "f052f9155e7489bf779a45ec416e5d23a4c63e26ea5527486290b1ea29cffa65", + "url": "https://testing.atlassian.net/wiki/spaces/paysites/pages/30531725/Cron+Job+List", + "secret": "et -m -r -np -t inf \ncd /home/dbimport/2", + "details": { + "matched_regex_config": { + "id": "Password in URL", + "description": "Password in URL", + "regex": "[a-zA-Z]{3,10}:\\/\\/[^$][^:@\\/\\n]{3,20}:[^$][^:@\\n\\/]{3,40}@.{1,100}" + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "f7d257a57274f1aaa0418ea694fd2b3784b34f8b5d0fb797a9c2f1a1297388ce": { + "id": "f7d257a57274f1aaa0418ea694fd2b3784b34f8b5d0fb797a9c2f1a1297388ce", + "url": "https://testing.atlassian.net/wiki/spaces/PE/pages/41207424/Troubleshooting", + "secret": "e contained within '' and '-----END PRIV", + "details": { + "matched_regex_config": { + "id": "PKCS8 private key", + "description": "PKCS8 private key", + "regex": "-----BEGIN PRIVATE KEY-----", + "keywords": [ + "-----BEGIN PRIVATE KEY-----" + ] + }, + "platform": "Confluence", + "ticket_field": "comments" + } + } + } +} \ No newline at end of file diff --git a/unittests/scans/openreports/openreports_list_format.json b/unittests/scans/openreports/openreports_list_format.json new file mode 100644 index 00000000000..957ed4f2d8f --- /dev/null +++ b/unittests/scans/openreports/openreports_list_format.json 
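Review bot: The `findings` entries in the new `unittests/scans/n0s1/many_findings.json` fixture read like output from a real Confluence scan with only the host swapped to `testing.atlassian.net`. Space keys and page titles (`PROBILLER/.../Adding+a+new+support+site+BE`, `INFSEC/.../Legal+Workflows`, `paysites/.../Cron+Job+List`) and context fragments in `secret` (`otating.proxyrack.ne`, `cd /home/dbimport/2`) are still present. The matched values themselves appear to have been stripped from `secret`, but the diff does not show whether the surrounding context is synthetic; if it is not, the fixture discloses internal wiki structure and where credentials were documented. Please confirm the data is constructed, or replace each `url` with a placeholder such as `"url": "https://example.atlassian.net/wiki/spaces/SPACE/pages/1/Page+Title"` (constructed value) and neutralise the `secret` context strings. The file also ends without a trailing newline.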
@@ -0,0 +1,127 @@
+{
+ "apiVersion": "v1",
+ "items": [
+ {
+ "apiVersion": "openreports.io/v1alpha1",
+ "kind": "Report",
+ "metadata": {
+ "creationTimestamp": "2025-10-27T08:28:32Z",
+ "generation": 3,
+ "labels": {
+ "app.kubernetes.io/managed-by": "image-scanner"
+ },
+ "name": "deployment-app1-630fc",
+ "namespace": "test",
+ "ownerReferences": [
+ {
+ "apiVersion": "stas.statnett.no/v1alpha1",
+ "blockOwnerDeletion": true,
+ "controller": true,
+ "kind": "ContainerImageScan",
+ "name": "deployment-app1-630fc",
+ "uid": "1bd065b0-4272-4a1b-9596-8010e256f3c6"
+ }
+ ],
+ "resourceVersion": "4932284",
+ "uid": "b1fcca57-2efd-44d3-89e9-949e29b61936"
+ },
+ "results": [
+ {
+ "category": "vulnerability scan",
+ "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling",
+ "policy": "CVE-2025-9232",
+ "properties": {
+ "fixedVersion": "3.5.4-r0",
+ "installedVersion": "3.5.2-r1",
+ "pkgName": "libcrypto3",
+ "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232"
+ },
+ "result": "warn",
+ "severity": "low",
+ "source": "image-scanner"
+ }
+ ],
+ "scope": {
+ "apiVersion": "apps/v1",
+ "kind": "Deployment",
+ "name": "app1",
+ "uid": "d0cbd625-d495-415e-bf39-b4e3c4f4366e"
+ },
+ "summary": {
+ "fail": 0,
+ "skip": 0,
+ "warn": 1
+ }
+ },
+ {
+ "apiVersion": "openreports.io/v1alpha1",
+ "kind": "Report",
+ "metadata": {
+ "creationTimestamp": "2025-10-27T08:26:35Z",
+ "generation": 1,
+ "labels": {
+ "app.kubernetes.io/managed-by": "image-scanner"
+ },
+ "name": "deployment-app2-630fc",
+ "namespace": "test",
+ "ownerReferences": [
+ {
+ "apiVersion": "stas.statnett.no/v1alpha1",
+ "blockOwnerDeletion": true,
+ "controller": true,
+ "kind": "ContainerImageScan",
+ "name": "deployment-app2-630fc",
+ "uid": "fe6e485f-cf48-4274-b4ef-b6405b791646"
+ }
+ ],
+ "resourceVersion": "4269625",
+ "uid": "f6d3c38b-f36c-4853-a21a-c08955371c64"
+ },
+ "results": [
+ {
+ "category": "vulnerability scan",
+ "message": "database/sql: Postgres Scan Race Condition",
+ "policy": "CVE-2025-47907",
+ "properties": {
+ "fixedVersion": "1.23.12, 1.24.6",
+ "installedVersion": "v1.24.5",
+ "pkgName": "stdlib",
+ "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907"
+ },
+ "result": "fail",
+ "severity": "high",
+ "source": "image-scanner"
+ },
+ {
+ "category": "configuration scan",
+ "message": "Container running as root user",
+ "policy": "SECURITY-001",
+ "properties": {
+ "fixedVersion": "",
+ "installedVersion": "latest",
+ "pkgName": "container-config",
+ "primaryURL": "https://security.example.com/policies/SECURITY-001"
+ },
+ "result": "warn",
+ "severity": "medium",
+ "source": "policy-scanner"
+ }
+ ],
+ "scope": {
+ "apiVersion": "apps/v1",
+ "kind": "Deployment",
+ "name": "app2",
+ "uid": "71331981-7efa-4a56-925c-e7c861731ae6"
+ },
+ "summary": {
+ "fail": 1,
+ "skip": 0,
+ "warn": 1
+ }
+ }
+ ],
+ "kind": "List",
+ "metadata": {
+ "resourceVersion": ""
+ }
+}
\ No newline at end of file
diff --git a/unittests/scans/openreports/openreports_no_results.json b/unittests/scans/openreports/openreports_no_results.json
new file mode 100644
index 00000000000..ebebb36afc8
--- /dev/null
+++ b/unittests/scans/openreports/openreports_no_results.json
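Review bot: Across openreports_list_format.json and openreports_single_report.json every `severity` is `low`, `medium` or `high` and every `result` is `warn` or `fail`, so no fixture pins what the importer does with a value outside that set or with a `skip` result, which the `summary` block counts. Every result also carries a complete `properties` object, so an entry without `pkgName` or `primaryURL` is untested as well. Scanner reports are external input to the importer, so I would add one result such as `"result": "skip", "severity": "unexpected-value"` with no `properties` key and assert the mapped severity and that parsing does not raise. Other fixtures may exist outside this view.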
@@ -0,0 +1,36 @@
+{
+ "apiVersion": "openreports.io/v1alpha1",
+ "kind": "Report",
+ "metadata": {
+ "creationTimestamp": "2025-10-27T08:26:27Z",
+ "generation": 1,
+ "labels": {
+ "app.kubernetes.io/managed-by": "image-scanner"
+ },
+ "name": "deployment-clean-app-b2131",
+ "namespace": "test",
+ "ownerReferences": [
+ {
+ "apiVersion": "stas.statnett.no/v1alpha1",
+ "blockOwnerDeletion": true,
+ "controller": true,
+ "kind": "ContainerImageScan",
+ "name": "deployment-clean-app-b2131",
+ "uid": "cdc1999a-2e70-4917-b606-e137be3c2aad"
+ }
+ ],
+ "resourceVersion": "4269547",
+ "uid": "f06c27ce-9ef6-418b-8049-3a5be737da35"
+ },
+ "scope": {
+ "apiVersion": "apps/v1",
+ "kind": "Deployment",
+ "name": "clean-app",
+ "uid": "f9ca3c43-302e-46ba-a19e-d2651c8d941b"
+ },
+ "summary": {
+ "fail": 0,
+ "skip": 0,
+ "warn": 0
+ }
+}
\ No newline at end of file
diff --git a/unittests/scans/openreports/openreports_single_report.json b/unittests/scans/openreports/openreports_single_report.json
new file mode 100644
index 00000000000..59fd2855db9
--- /dev/null
+++ b/unittests/scans/openreports/openreports_single_report.json
@@ -0,0 +1,80 @@
+{
+ "apiVersion": "openreports.io/v1alpha1",
+ "kind": "Report",
+ "metadata": {
+ "creationTimestamp": "2025-10-27T08:28:32Z",
+ "generation": 3,
+ "labels": {
+ "app.kubernetes.io/managed-by": "image-scanner"
+ },
+ "name": "deployment-test-app-630fc",
+ "namespace": "test",
+ "ownerReferences": [
+ {
+ "apiVersion": "stas.statnett.no/v1alpha1",
+ "blockOwnerDeletion": true,
+ "controller": true,
+ "kind": "ContainerImageScan",
+ "name": "deployment-test-app-630fc",
+ "uid": "1bd065b0-4272-4a1b-9596-8010e256f3c6"
+ }
+ ],
+ "resourceVersion": "4932284",
+ "uid": "b1fcca57-2efd-44d3-89e9-949e29b61936"
+ },
+ "results": [
+ {
+ "category": "vulnerability scan",
+ "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling",
+ "policy": "CVE-2025-9232",
+ "properties": {
+ "fixedVersion": "3.5.4-r0",
+ "installedVersion": "3.5.2-r1",
+ "pkgName": "libcrypto3",
+ "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232"
+ },
+ "result": "warn",
+ "severity": "low",
+ "source": "image-scanner"
+ },
+ {
+ "category": "vulnerability scan",
+ "message": "database/sql: Postgres Scan Race Condition",
+ "policy": "CVE-2025-47907",
+ "properties": {
+ "fixedVersion": "1.23.12, 1.24.6",
+ "installedVersion": "v1.24.4",
+ "pkgName": "stdlib",
+ "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907"
+ },
+ "result": "fail",
+ "severity": "high",
+ "source": "image-scanner"
+ },
+ {
+ "category": "compliance check",
+ "message": "Missing security headers in HTTP response",
+ "policy": "CIS-BENCH-001",
+ "properties": {
+ "fixedVersion": "Configure proper security headers",
+ "installedVersion": "N/A",
+ "pkgName": "web-server",
+ "primaryURL": "https://www.cisecurity.org/benchmark/docker"
+ },
+ "result": "fail",
+ "severity": "low",
+ "source": "compliance-scanner"
+ }
+ ],
+ "scope": {
+ "apiVersion": "apps/v1",
+ "kind": "Deployment",
+ "name": "test-app",
+ "uid": "d0cbd625-d495-415e-bf39-b4e3c4f4366e"
+ },
+ "summary": {
+ "fail": 2,
+ "skip": 0,
+ "warn": 1
+ }
+}
\ No newline at end of file
diff --git a/unittests/scans/zora/scan_empty.csv b/unittests/scans/zora/scan_empty.csv
new file mode 100644
index 00000000000..15b75dc8149
--- /dev/null
+++ b/unittests/scans/zora/scan_empty.csv
@@ -0,0 +1 @@
+source,checkID,title,severity,status,remediation
diff --git a/unittests/scans/zora/scan_many.csv b/unittests/scans/zora/scan_many.csv
new file mode 100644
index 00000000000..581cb11e9a0
--- /dev/null
+++ b/unittests/scans/zora/scan_many.csv
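Review bot: The header in scan_empty.csv, `source,checkID,title,severity,status,remediation`, does not match the header of scan_many.csv, `"source","image","id","title","severity","status","description","fixVersion"`, so the empty-input test runs against a different column set than the populated one. Presumably these are two export layouts and the parser accepts both; if so, a header-only file in the scan_many.csv layout is not covered, and a parser that looks up `id` or `description` by name is never exercised on an empty report. I would add a header-only fixture that reuses the scan_many.csv header line, or switch scan_empty.csv to it, and assert zero findings and no exception.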
@@ -0,0 +1,489 @@ +"source","image","id","title","severity","status","description","fixVersion" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-26519","musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...","UNKNOWN","fixed","musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.","1.2.5-r1" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2024-12797","openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected","HIGH","fixed","Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a +server may fail to notice that the server was not authenticated, because +handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode +is set. + +Impact summary: TLS and DTLS connections using raw public keys may be +vulnerable to man-in-middle attacks when server authentication failure is not +detected by clients. + +RPKs are disabled by default in both TLS clients and TLS servers. The issue +only arises when TLS clients explicitly enable RPK use by the server, and the +server, likewise, enables sending of an RPK instead of an X.509 certificate +chain. The affected clients are those that then rely on the handshake to +fail when the server's RPK fails to match one of the expected public keys, +by setting the verification mode to SSL_VERIFY_PEER. + +Clients that enable server-side raw public keys can still find out that raw +public key verification failed by calling SSL_get_verify_result(), and those +that do, and take appropriate action, are not affected. This issue was +introduced in the initial implementation of RPK support in OpenSSL 3.2. 
+ +The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.","" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2024-13176","openssl: Timing side-channel in ECDSA signature computation","MEDIUM","fixed","Issue summary: A timing side-channel which could potentially allow recovering +the private key exists in the ECDSA signature computation. + +Impact summary: A timing side-channel in ECDSA signature computations +could allow recovering the private key by an attacker. However, measuring +the timing would require either local access to the signing application or +a very fast network connection with low latency. + +There is a timing signal of around 300 nanoseconds when the top word of +the inverted ECDSA nonce value is zero. This can happen with significant +probability only for some of the supported elliptic curves. In particular +the NIST P-521 curve is affected. To be able to measure this leak, the attacker +process must either be located in the same physical computer or must +have a very fast network connection with low latency. For that reason +the severity of this vulnerability is Low. + +The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-9230","openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap","MEDIUM","fixed","Issue summary: An application trying to decrypt CMS messages encrypted using +password based encryption can trigger an out-of-bounds read and write. + +Impact summary: This out-of-bounds read may trigger a crash which leads to +Denial of Service for an application. The out-of-bounds write can cause +a memory corruption which can have various consequences including +a Denial of Service or Execution of attacker-supplied code. + +Although the consequences of a successful exploit of this vulnerability +could be severe, the probability that the attacker would be able to +perform it is low. 
Besides, password based (PWRI) encryption support in CMS +messages is very rarely used. For that reason the issue was assessed as +Moderate severity according to our Security Policy. + +The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this +issue, as the CMS implementation is outside the OpenSSL FIPS module +boundary.","3.3.5-r0" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-9231","openssl: Timing side-channel in SM2 algorithm on 64 bit ARM","MEDIUM","fixed","Issue summary: A timing side-channel which could potentially allow remote +recovery of the private key exists in the SM2 algorithm implementation on 64 bit +ARM platforms. + +Impact summary: A timing side-channel in SM2 signature computations on 64 bit +ARM platforms could allow recovering the private key by an attacker.. + +While remote key recovery over a network was not attempted by the reporter, +timing measurements revealed a timing signal which may allow such an attack. + +OpenSSL does not directly support certificates with SM2 keys in TLS, and so +this CVE is not relevant in most TLS contexts. However, given that it is +possible to add support for such certificates via a custom provider, coupled +with the fact that in such a custom provider context the private key may be +recoverable via remote timing measurements, we consider this to be a Moderate +severity issue. + +The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this +issue, as SM2 is not an approved algorithm.","3.3.5-r0" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-9232","openssl: Out-of-bounds read in HTTP client no_proxy handling","LOW","fixed","Issue summary: An application using the OpenSSL HTTP client API functions may +trigger an out-of-bounds read if the 'no_proxy' environment variable is set and +the host portion of the authority component of the HTTP URL is an IPv6 address. 
+ +Impact summary: An out-of-bounds read can trigger a crash which leads to +Denial of Service for an application. + +The OpenSSL HTTP client API functions can be used directly by applications +but they are also used by the OCSP client functions and CMP (Certificate +Management Protocol) client implementation in OpenSSL. However the URLs used +by these implementations are unlikely to be controlled by an attacker. + +In this vulnerable code the out of bounds read can only trigger a crash. +Furthermore the vulnerability requires an attacker-controlled URL to be +passed from an application to the OpenSSL function and the user has to have +a 'no_proxy' environment variable set. For the aforementioned reasons the +issue was assessed as Low severity. + +The vulnerable code was introduced in the following patch releases: +3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. + +The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this +issue, as the HTTP client implementation is outside the OpenSSL FIPS module +boundary.","3.3.5-r0" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-32793","In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters","MEDIUM","fixed","Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can leave the source node without encryption due to a race condition in how traffic is processed by Cilium. This issue has been patched in versions 1.15.16, 1.16.9, and 1.17.3. 
There are no workarounds available for this issue.","1.15.16, 1.16.9, 1.17.3" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-22870","golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net","MEDIUM","fixed","Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ""*.example.com"", a request to ""[::1%25.example.com]:80` will incorrectly match and not be proxied.","0.36.0" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-58183","golang: archive/tar: Unbounded allocation when parsing GNU sparse map","HIGH","fixed","tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.","1.24.8, 1.25.2" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-22866","crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec","MEDIUM","fixed","Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.","1.22.12, 1.23.6, 1.24.0-rc.3" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-47912","net/url: Insufficient validation of bracketed IPv6 hostnames in net/url","MEDIUM","fixed","The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. 
RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: ""http://[::1]/"". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.","1.24.8, 1.25.2" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-58185","encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1","MEDIUM","fixed","Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.","1.24.8, 1.25.2" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-58189","crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information","MEDIUM","fixed","When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.","1.24.8, 1.25.2" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-61725","net/mail: Excessive CPU consumption in ParseAddress in net/mail","MEDIUM","fixed","The ParseAddress function constructeds domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.","1.24.8, 1.25.2" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2024-45336","golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect","MEDIUM","fixed","The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. 
For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.","1.22.11, 1.23.5, 1.24.0-rc.2" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-23047","Cilium has an information leakage via insecure default Hubble UI CORS header","MEDIUM","fixed","Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An insecure default `Access-Control-Allow-Origin` header value could lead to sensitive data exposure for users of Cilium versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4 who deploy Hubble UI using either Cilium CLI or via the Cilium Helm chart. A user with access to a Hubble UI instance affected by this issue could leak configuration details about the Kubernetes cluster which Hubble UI is monitoring, including node names, IP addresses, and other metadata about workloads and the cluster networking configuration. In order for this vulnerability to be exploited, a victim would have to first visit a malicious page. This issue is fixed in Cilium v1.14.18, v1.15.12, and v1.16.5. As a workaround, users who deploy Hubble UI using the Cilium Helm chart directly can remove the CORS headers from the Helm template as shown in the patch from commit a3489f190ba6e87b5336ee685fb6c80b1270d06d.","1.14.19, 1.15.13, 1.16.6" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-22872","golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net","MEDIUM","fixed","The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. 
, , etc contexts).","0.38.0" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-22868","golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws","HIGH","fixed","An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.","0.27.0" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-47907","database/sql: Postgres Scan Race Condition","HIGH","fixed","Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.","1.23.12, 1.24.6" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-58187","Due to the design of the name constraint checking algorithm, the proce ...","HIGH","fixed","Due to the design of the name constraint checking algorithm, the processing time of some inputs scals non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.","1.24.9, 1.25.3" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-0913","Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall","MEDIUM","fixed","os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. 
OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.","1.23.10, 1.24.4" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-22871","net/http: Request smuggling due to acceptance of invalid chunked data in net/http","MEDIUM","fixed","The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.","1.23.8, 1.24.2" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-23028","DoS in Cilium agent DNS proxy from crafted DNS responses","MEDIUM","fixed","Cilium is a networking, observability, and security solution with an eBPF-based dataplane. A denial of service vulnerability affects versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4. In a Kubernetes cluster where Cilium is configured to proxy DNS traffic, an attacker can crash Cilium agents by sending a crafted DNS response to workloads from outside the cluster. For traffic that is allowed but without using DNS-based policy, the dataplane will continue to pass traffic as configured at the time of the DoS. For workloads that have DNS-based policy configured, existing connections may continue to operate, and new connections made without relying on DNS resolution may continue to be established, but new connections which rely on DNS resolution may be disrupted. Any configuration changes that affect the impacted agent may not be applied until the agent is able to restart. This issue is fixed in Cilium v1.14.18, v1.15.12, and v1.16.5. 
No known workarounds are available.","1.14.18, 1.15.12, 1.16.5" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-30162","cilium: East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers","LOW","fixed","Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to workloads in other namespaces, egress traffic from workloads covered by such network policies to LoadBalancers configured by `Gateway` resources will incorrectly be allowed. LoadBalancer resources not deployed via a Gateway API configuration are not affected by this issue. This issue affects: Cilium v1.15 between v1.15.0 and v1.15.14 inclusive, v1.16 between v1.16.0 and v1.16.7 inclusive, and v1.17 between v1.17.0 and v1.17.1 inclusive. This issue is fixed in Cilium v1.15.15, v1.16.8, and v1.17.2. A Clusterwide Cilium Network Policy can be used to work around this issue for users who are unable to upgrade.","1.16.8, 1.17.2, 1.15.15" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2024-45341","golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints","MEDIUM","fixed","A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. 
Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.","1.22.11, 1.23.5, 1.24.0-rc.2" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-4673","net/http: Sensitive headers not cleared on cross-origin redirect in net/http","MEDIUM","fixed","Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.","1.23.10, 1.24.4" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-47906","os/exec: Unexpected paths returned from LookPath in os/exec","MEDIUM","fixed","If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("""", ""."", and ""..""), can result in the binaries listed in the PATH being unexpectedly returned.","1.23.12, 1.24.6" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-61723","encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem","MEDIUM","fixed","The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.","1.24.8, 1.25.2" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-61724","net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto","MEDIUM","fixed","The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.","1.24.8, 1.25.2" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-30163","cilium: Node based network policies may incorrectly allow workload traffic","LOW","fixed","Cilium is a networking, observability, and security solution with an eBPF-based dataplane. 
Node based network policies (`fromNodes` and `toNodes`) will incorrectly permit traffic to/from non-node endpoints that share the labels specified in `fromNodes` and `toNodes` sections of network policies. Node based network policy is disabled by default in Cilium. This issue affects: Cilium v1.16 between v1.16.0 and v1.16.7 inclusive and v1.17 between v1.17.0 and v1.17.1 inclusive. This issue is fixed in Cilium v1.16.8 and v1.17.2. Users can work around this issue by ensuring that the labels used in `fromNodes` and `toNodes` fields are used exclusively by nodes and not by other endpoints.","1.16.8" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-58186","Despite HTTP headers having a default limit of 1MB, the number of cook ...","HIGH","fixed","Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as ""a=;"", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.","1.24.8, 1.25.2" +"Trivy","ghcr.io/undistro/popeye:0.21","CVE-2025-58188","Validating certificate chains which contain DSA public keys can cause ...","HIGH","fixed","Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.","1.24.8, 1.25.2" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-4947","libcurl: curl: QUIC certificate check skip with wolfSSL","MEDIUM","fixed","libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. 
Therefore, it does not detect impostors or man-in-the-middle attacks.","8.14.0-r0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-46835","git: Git GUI can create and overwrite files for which the user has write permission","LOW","fixed","Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.","2.45.4-r0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-0725","libcurl: Buffer Overflow in libcurl via zlib Integer Overflow","MEDIUM","fixed","When libcurl is asked to perform automatic gzip decompression of +content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, +**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would +make libcurl perform a buffer overflow.","8.12.0-r0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-5399","curl: libcurl: WebSocket endless loop","MEDIUM","fixed","Due to a mistake in libcurl's WebSocket code, a malicious server can send a +particularly crafted packet which makes libcurl get trapped in an endless +busy-loop. + +There is no other way for the application to escape or exit this loop other +than killing the thread/process. + +This might be used to DoS libcurl-using application.","8.14.1-r0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2024-8176","libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat","HIGH","fixed","A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. 
This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.","2.7.0-r0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-26519","musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...","UNKNOWN","fixed","musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.","1.2.5-r1" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-9230","openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap","MEDIUM","fixed","Issue summary: An application trying to decrypt CMS messages encrypted using +password based encryption can trigger an out-of-bounds read and write. + +Impact summary: This out-of-bounds read may trigger a crash which leads to +Denial of Service for an application. The out-of-bounds write can cause +a memory corruption which can have various consequences including +a Denial of Service or Execution of attacker-supplied code. + +Although the consequences of a successful exploit of this vulnerability +could be severe, the probability that the attacker would be able to +perform it is low. Besides, password based (PWRI) encryption support in CMS +messages is very rarely used. For that reason the issue was assessed as +Moderate severity according to our Security Policy. + +The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this +issue, as the CMS implementation is outside the OpenSSL FIPS module +boundary.","3.3.5-r0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-46334","","HIGH","fixed","Git GUI allows you to use the Git source control management tools via a GUI. A malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable always includes the current directory. 
The mentioned programs are invoked when the user selects Git Bash or Browse Files from the menu. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.","2.45.4-r0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2024-52006","git: Newline confusion in credential helpers can lead to credential exfiltration in git","MEDIUM","fixed","Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems (most notably, .NET and node.js) interpret single Carriage Return characters as newlines, which renders the protections against CVE-2020-5260 incomplete for credential helpers that treat Carriage Returns in this way. This issue has been addressed in commit `b01b9b8` which is included in release versions v2.48.1, v2.47.2, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones.","2.45.3-r0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-27614","gitk: git script execution flaw","MEDIUM","fixed","Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. 
This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.","2.45.4-r0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-48386","git: Git buffer overflow","MEDIUM","fixed","Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), leading to potential buffer overflows. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.","2.45.4-r0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2024-13176","openssl: Timing side-channel in ECDSA signature computation","MEDIUM","fixed","Issue summary: A timing side-channel which could potentially allow recovering +the private key exists in the ECDSA signature computation. + +Impact summary: A timing side-channel in ECDSA signature computations +could allow recovering the private key by an attacker. However, measuring +the timing would require either local access to the signing application or +a very fast network connection with low latency. + +There is a timing signal of around 300 nanoseconds when the top word of +the inverted ECDSA nonce value is zero. This can happen with significant +probability only for some of the supported elliptic curves. In particular +the NIST P-521 curve is affected. To be able to measure this leak, the attacker +process must either be located in the same physical computer or must +have a very fast network connection with low latency. For that reason +the severity of this vulnerability is Low. 
+ +The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.","3.3.2-r2" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2024-11053","curl: curl netrc password leak","MEDIUM","fixed","When asked to both use a `.netrc` file for credentials and to follow HTTP +redirects, curl could leak the password used for the first host to the +followed-to host under certain circumstances. + +This flaw only manifests itself if the netrc file has an entry that matches +the redirect target hostname but the entry either omits just the password or +omits both login and password.","8.11.1-r0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-0665","libcurl: Double Close of Eventfd in libcurl","MEDIUM","fixed","libcurl would wrongly close the same eventfd file descriptor twice when taking +down a connection channel after having completed a threaded name resolve.","8.12.0-r0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-27613","gitk: Git file creation flaw","MEDIUM","fixed","Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled before in Gitk's Preferences. This option is disabled by default. The same happens when Show origin of this line is used in the main window (regardless of whether Support per-file encoding is enabled or not). This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.","2.45.4-r0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2024-50349","git: Git does not sanitize URLs when asking for credentials interactively","LOW","fixed","Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. 
without using any credential helper), it prints out the host name for which the user is expected to provide a username and/or a password. At this stage, any URL-encoded parts have been decoded already, and are printed verbatim. This allows attackers to craft URLs that contain ANSI escape sequences that the terminal interpret to confuse users e.g. into providing passwords for trusted Git hosting sites when in fact they are then sent to untrusted sites that are under the attacker's control. This issue has been patch via commits `7725b81` and `c903985` which are included in release versions v2.48.1, v2.47.2, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones.","2.45.3-r0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-9232","openssl: Out-of-bounds read in HTTP client no_proxy handling","LOW","fixed","Issue summary: An application using the OpenSSL HTTP client API functions may +trigger an out-of-bounds read if the 'no_proxy' environment variable is set and +the host portion of the authority component of the HTTP URL is an IPv6 address. + +Impact summary: An out-of-bounds read can trigger a crash which leads to +Denial of Service for an application. + +The OpenSSL HTTP client API functions can be used directly by applications +but they are also used by the OCSP client functions and CMP (Certificate +Management Protocol) client implementation in OpenSSL. However the URLs used +by these implementations are unlikely to be controlled by an attacker. + +In this vulnerable code the out of bounds read can only trigger a crash. +Furthermore the vulnerability requires an attacker-controlled URL to be +passed from an application to the OpenSSL function and the user has to have +a 'no_proxy' environment variable set. For the aforementioned reasons the +issue was assessed as Low severity. 
+ +The vulnerable code was introduced in the following patch releases: +3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. + +The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this +issue, as the HTTP client implementation is outside the OpenSSL FIPS module +boundary.","3.3.5-r0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-10148","curl: predictable WebSocket mask","MEDIUM","fixed","curl's websocket code did not update the 32 bit mask pattern for each new + outgoing frame as the specification says. Instead it used a fixed mask that +persisted and was used throughout the entire connection. + +A predictable mask pattern allows for a malicious server to induce traffic +between the two communicating parties that could be interpreted by an involved +proxy (configured or transparent) as genuine, real, HTTP traffic with content +and thereby poison its cache. That cached poisoned content could then be +served to all users of that proxy.","8.14.1-r2" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-5025","curl: libcurl: QUIC Certificate Pinning Bypass","MEDIUM","fixed","libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.","8.14.0-r0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-9086","curl: libcurl: Curl out of bounds read for cookie path","MEDIUM","fixed","1. A cookie is set using the `secure` keyword for `https://target` +2. curl is redirected to or otherwise made to speak with `http://target` (same + hostname, but using clear text HTTP) using the same cookie set +3. The same cookie name is set - but with just a slash as path (`path='/'`). 
+ Since this site is not secure, the cookie *should* just be ignored. +4. A bug in the path comparison logic makes curl read outside a heap buffer + boundary + +The bug either causes a crash or it potentially makes the comparison come to +the wrong conclusion and lets the clear-text site override the contents of the +secure cookie, contrary to expectations and depending on the memory contents +immediately following the single-byte allocation that holds the path. + +The presumed and correct behavior would be to plainly ignore the second set of +the cookie since it was already set as secure on a secure host so overriding +it on an insecure host should not be okay.","8.14.1-r2" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-0167","When asked to use a `.netrc` file for credentials **and** to follow HT ...","LOW","fixed","When asked to use a `.netrc` file for credentials **and** to follow HTTP +redirects, curl could leak the password used for the first host to the +followed-to host under certain circumstances. + +This flaw only manifests itself if the netrc file has a `default` entry that +omits both login and password. A rare circumstance.","8.12.0-r0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-59375","expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing","MEDIUM","fixed","libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.","2.7.2-r0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-9231","openssl: Timing side-channel in SM2 algorithm on 64 bit ARM","MEDIUM","fixed","Issue summary: A timing side-channel which could potentially allow remote +recovery of the private key exists in the SM2 algorithm implementation on 64 bit +ARM platforms. + +Impact summary: A timing side-channel in SM2 signature computations on 64 bit +ARM platforms could allow recovering the private key by an attacker.. 
+ +While remote key recovery over a network was not attempted by the reporter, +timing measurements revealed a timing signal which may allow such an attack. + +OpenSSL does not directly support certificates with SM2 keys in TLS, and so +this CVE is not relevant in most TLS contexts. However, given that it is +possible to add support for such certificates via a custom provider, coupled +with the fact that in such a custom provider context the private key may be +recoverable via remote timing measurements, we consider this to be a Moderate +severity issue. + +The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this +issue, as SM2 is not an approved algorithm.","3.3.5-r0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-48384","git: Git arbitrary code execution","HIGH","fixed","Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.","2.45.4-r0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-48385","git: Git arbitrary file writes","HIGH","fixed","Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. 
When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection. This protocol injection can cause the client to write the fetched bundle to a location controlled by the adversary. The fetched content is fully controlled by the server, which can in the worst case lead to arbitrary code execution. The use of bundle URIs is not enabled by default and can be controlled by the bundle.heuristic config option. Some cases of the vulnerability require that the adversary is in control of where a repository will be cloned to. This either requires social engineering or a recursive clone with submodules. These cases can thus be avoided by disabling recursive clones. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.","2.45.4-r0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2024-12797","openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected","HIGH","fixed","Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a +server may fail to notice that the server was not authenticated, because +handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode +is set. + +Impact summary: TLS and DTLS connections using raw public keys may be +vulnerable to man-in-middle attacks when server authentication failure is not +detected by clients. + +RPKs are disabled by default in both TLS clients and TLS servers. The issue +only arises when TLS clients explicitly enable RPK use by the server, and the +server, likewise, enables sending of an RPK instead of an X.509 certificate +chain. 
The affected clients are those that then rely on the handshake to +fail when the server's RPK fails to match one of the expected public keys, +by setting the verification mode to SSL_VERIFY_PEER. + +Clients that enable server-side raw public keys can still find out that raw +public key verification failed by calling SSL_get_verify_result(), and those +that do, and take appropriate action, are not affected. This issue was +introduced in the initial implementation of RPK support in OpenSSL 3.2. + +The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.","3.3.3-r0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-22872","golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net","MEDIUM","fixed","The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. , , etc contexts).","0.38.0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-47912","net/url: Insufficient validation of bracketed IPv6 hostnames in net/url","MEDIUM","fixed","The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: ""http://[::1]/"". IPv4 addresses and hostnames must not appear within square brackets. 
Parse did not enforce this requirement.","1.24.8, 1.25.2" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-61723","encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem","MEDIUM","fixed","The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.","1.24.8, 1.25.2" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-61725","net/mail: Excessive CPU consumption in ParseAddress in net/mail","MEDIUM","fixed","The ParseAddress function constructeds domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.","1.24.8, 1.25.2" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-46569","github.com/open-policy-agent/opa/server: github.com/open-policy-agent/opa/v1/server: OPA server Data API HTTP path injection of Rego","HIGH","fixed","Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a single data document reference is constructed from the requested path. This query is then used for policy evaluation. A HTTP request path can be crafted in a way that injects Rego code into the constructed query. The evaluation result cannot be made to return any other data than what is generated by the requested path, but this path can be misdirected, and the injected Rego code can be crafted to make the query succeed or fail; opening up for oracle attacks or, given the right circumstances, erroneous policy decision results. Furthermore, the injected code can be crafted to be computationally expensive, resulting in a Denial Of Service (DoS) attack. This issue has been patched in version 1.4.0. 
A workaround involves having network access to OPA’s RESTful APIs being limited to `localhost` and/or trusted networks, unless necessary for production reasons.","1.4.0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-58058","github.com/ulikunitz/xz: github.com/ulikunitz/xz leaks memory","MEDIUM","fixed","xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA header doesn't include a magic number or has a checksum to detect such an issue according to the specification. Note that the code recognizes the issue later while reading the stream, but at this time the memory allocation has already been done. This issue has been patched in version 0.5.14.","0.5.15" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-32387","helm.sh/helm/v3: Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow","MEDIUM","fixed","Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. 
This issue has been resolved in Helm v3.17.3.","3.17.3" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-47906","os/exec: Unexpected paths returned from LookPath in os/exec","MEDIUM","fixed","If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("""", ""."", and ""..""), can result in the binaries listed in the PATH being unexpectedly returned.","1.23.12, 1.24.6" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-58185","encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1","MEDIUM","fixed","Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.","1.24.8, 1.25.2" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-32386","helm.sh/helm/v3: Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination","MEDIUM","fixed","Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issue has been resolved in Helm v3.17.3.","3.17.3" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2024-45341","golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints","MEDIUM","fixed","A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.","1.22.11, 1.23.5, 1.24.0-rc.2" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-22871","net/http: Request smuggling due to acceptance of invalid chunked data in net/http","MEDIUM","fixed","The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. 
This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.","1.23.8, 1.24.2" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-61724","net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto","MEDIUM","fixed","The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.","1.24.8, 1.25.2" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2024-25621","containerd is an open-source container runtime. Versions 0.1.0 through ...","HIGH","fixed","containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths `/var/lib/containerd`, `/run/containerd/io.containerd.grpc.v1.cri` and `/run/containerd/io.containerd.sandbox.controller.v1.shim` were all created with incorrect permissions. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. Workarounds include updating system administrator permissions so the host can manually chmod the directories to not have group or world accessible permissions, or to run containerd in rootless mode.","1.7.29" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-21614","go-git: go-git clients vulnerable to DoS via maliciously crafted Git server replies","HIGH","fixed","go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. 
Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.","5.13.0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2024-45336","golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect","MEDIUM","fixed","The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.","1.22.11, 1.23.5, 1.24.0-rc.2" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-0913","Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall","MEDIUM","fixed","os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.","1.23.10, 1.24.4" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-8556","github.com/cloudflare/circl: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results","LOW","fixed","A flaw was found in CIRCL's implementation of the FourQ elliptic curve. 
This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.","1.6.1" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-21613","go-git: argument injection via the URL field","CRITICAL","fixed","go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0.","5.13.0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-22869","golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh","HIGH","fixed","SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.","0.35.0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-58181","SSH servers parsing GSSAPI authentication requests do not validate the ...","MEDIUM","fixed","SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.","0.45.0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-22868","golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws","HIGH","fixed","An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.","0.27.0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-55198","helm.sh/helm/v3: Helm YAML Parsing Panic Vulnerability","MEDIUM","fixed","Helm is a package manager for Charts for Kubernetes. 
Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expects prior to processing them with Helm.","3.18.5" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-47907","database/sql: Postgres Scan Race Condition","HIGH","fixed","Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.","1.23.12, 1.24.6" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-58189","crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information","MEDIUM","fixed","When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.","1.24.8, 1.25.2" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2024-45337","golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto","CRITICAL","fixed","Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that ""A call to this function does not guarantee that the key offered is in fact used to authenticate."" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. 
PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. 
Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.","0.31.0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-58183","golang: archive/tar: Unbounded allocation when parsing GNU sparse map","HIGH","fixed","tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.","1.24.8, 1.25.2" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-58186","Despite HTTP headers having a default limit of 1MB, the number of cook ...","HIGH","fixed","Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as ""a=;"", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.","1.24.8, 1.25.2" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-58187","Due to the design of the name constraint checking algorithm, the proce ...","HIGH","fixed","Due to the design of the name constraint checking algorithm, the processing time of some inputs scals non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.","1.24.9, 1.25.3" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2024-40635","containerd: containerd has an integer overflow in User ID handling","MEDIUM","fixed","containerd is an open-source container runtime. 
A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.04. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.","1.7.27, 1.6.38" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-64329","containerd is an open-source container runtime. Versions 1.7.28 and be ...","MEDIUM","fixed","containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. To workaround this vulnerability, users can set up an admission controller to control accesses to pods/attach resources.","1.7.29" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-47914","SSH Agent servers do not validate the size of messages when processing ...","MEDIUM","fixed","SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.","0.45.0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-53547","helm.sh/helm/v3: Helm Chart Code Execution","HIGH","fixed","Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. 
Fields in a Chart.yaml file, that are carried over to a Chart.lock file when dependencies are updated and this file is written, can be crafted in a way that can cause execution if that same content were in a file that is executed (e.g., a bash.rc file or shell script). If the Chart.lock file is symlinked to one of these files updating dependencies will write the lock file content to the symlinked file. This can lead to unwanted execution. Helm warns of the symlinked file but did not stop execution due to symlinking. This issue has been resolved in Helm v3.18.4.","3.18.4, 3.17.4" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-55199","helm.sh/helm/v3: Helm Chart JSON Schema Denial of Service","MEDIUM","fixed","Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring all Helm charts that are being loaded into Helm do not have any reference of $ref pointing to /dev/zero.","3.18.5" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-58188","Validating certificate chains which contain DSA public keys can cause ...","HIGH","fixed","Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. 
This affects programs which validate arbitrary certificate chains.","1.24.8, 1.25.2" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-4673","net/http: Sensitive headers not cleared on cross-origin redirect in net/http","MEDIUM","fixed","Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.","1.23.10, 1.24.4" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-54410","github.com/moby/moby: Moby's Firewalld reload removes bridge network isolation","LOW","fixed","Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create iptables rules that isolate bridge networks, allowing any container to access all ports on any other container across different bridge networks on the same host. This breaks network segmentation between containers that should be isolated, creating significant risk in multi-tenant environments. Only containers in --internal networks remain protected. +Workarounds include reloading firewalld and either restarting the docker daemon, re-creating bridge networks, or using rootless mode. Maintainers anticipate a fix for this issue in version 25.0.13.","28.0.0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-30204","golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing","HIGH","fixed","golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. 
As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.","4.5.2" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-8959","github.com/hashicorp/go-getter: HashiCorp go-getter Arbitrary File Read","HIGH","fixed","HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9.","1.7.9" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-52881","runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects","HIGH","fixed","runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. 
This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.","1.13.0" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-22866","crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec","MEDIUM","fixed","Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.","1.22.12, 1.23.6, 1.24.0-rc.3" +"Trivy","ghcr.io/undistro/trivy:0.57","CVE-2025-22870","golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net","MEDIUM","fixed","Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ""*.example.com"", a request to ""[::1%25.example.com]:80` will incorrectly match and not be proxied.","0.36.0" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2025-58187","Due to the design of the name constraint checking algorithm, the proce ...","HIGH","fixed","Due to the design of the name constraint checking algorithm, the processing time of some inputs scals non-linearly with respect to the size of the certificate. 
This affects programs which validate arbitrary certificate chains.","1.24.9, 1.25.3" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2025-58185","encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1","MEDIUM","fixed","Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2025-61725","net/mail: Excessive CPU consumption in ParseAddress in net/mail","MEDIUM","fixed","The ParseAddress function constructeds domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2023-28452","CoreDNS vulnerable to TuDoor Attacks","HIGH","fixed","An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID.","1.11.0" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2025-0913","Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall","MEDIUM","fixed","os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. 
OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.","1.23.10, 1.24.4" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2025-4673","net/http: Sensitive headers not cleared on cross-origin redirect in net/http","MEDIUM","fixed","Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.","1.23.10, 1.24.4" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2025-58189","crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information","MEDIUM","fixed","When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2022-2837","coreDNS: DNS Redirection of Top-Level Domains","MEDIUM","affected","A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.","N/A" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2024-0874","coredns: CD bit response is cached and served later","MEDIUM","fixed","A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.","1.11.2" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","GHSA-gv9j-4w24-q7vx","Improper random number generation in github.com/coredns/coredns","MEDIUM","fixed","### Impact + +CoreDNS before 1.6.6 (using go DNS package < 1.1.25) improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries. + +### Patches +The problem has been fixed in 1.6.6+. 
+ +### References +- [CVE-2019-19794](https://nvd.nist.gov/vuln/detail/CVE-2019-19794) + +### For more information +Please consult [our security guide](https://github.com/coredns/coredns/blob/master/.github/SECURITY.md) for more information regarding our security process. +","1.6.6" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2025-59530","github.com/quic-go/quic-go: quic-go Crash Due to Premature HANDSHAKE_DONE Frame","HIGH","fixed","quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authentication and can be exploited during the handshake phase. This was observed in the wild with certain server implementations. quic-go needs to be able to handle misbehaving server implementations, including those that prematurely send a HANDSHAKE_DONE frame. Versions 0.49.0, 0.54.1, and 0.55.0 discard Initial keys when receiving a HANDSHAKE_DONE frame, thereby correctly handling premature HANDSHAKE_DONE frames.","0.49.1, 0.54.1" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2025-22872","golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net","MEDIUM","fixed","The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. 
, , etc contexts).","0.38.0" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2025-58186","Despite HTTP headers having a default limit of 1MB, the number of cook ...","HIGH","fixed","Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as ""a=;"", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2025-58188","Validating certificate chains which contain DSA public keys can cause ...","HIGH","fixed","Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2025-22871","net/http: Request smuggling due to acceptance of invalid chunked data in net/http","MEDIUM","fixed","The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.","1.23.8, 1.24.2" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2025-47950","coredns: CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification","HIGH","fixed","CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of concurrent streams or goroutines. 
A remote, unauthenticated attacker could open a large number of streams, leading to uncontrolled memory consumption and eventually causing an Out Of Memory (OOM) crash — especially in containerized or memory-constrained environments. The patch in version 1.12.2 introduces two key mitigation mechanisms: `max_streams`, which caps the number of concurrent QUIC streams per connection with a default value of `256`; and `worker_pool_size`, which Introduces a server-wide, bounded worker pool to process incoming streams with a default value of `1024`. This eliminates the 1:1 stream-to-goroutine model and ensures that CoreDNS remains resilient under high concurrency. Some workarounds are available for those who are unable to upgrade. Disable QUIC support by removing or commenting out the `quic://` block in the Corefile, use container runtime resource limits to detect and isolate excessive memory usage, and/or monitor QUIC connection patterns and alert on anomalies.","1.12.2" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2025-47914","SSH Agent servers do not validate the size of messages when processing ...","MEDIUM","fixed","SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.","0.45.0" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2025-22874","crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509","HIGH","fixed","Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. 
This only affected certificate chains which contain policy graphs, which are rather uncommon.","1.24.4" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2025-47906","os/exec: Unexpected paths returned from LookPath in os/exec","MEDIUM","fixed","If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("""", ""."", and ""..""), can result in the binaries listed in the PATH being unexpectedly returned.","1.23.12, 1.24.6" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2025-47912","net/url: Insufficient validation of bracketed IPv6 hostnames in net/url","MEDIUM","fixed","The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: ""http://[::1]/"". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2025-61723","encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem","MEDIUM","fixed","The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2025-61724","net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto","MEDIUM","fixed","The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2025-47907","database/sql: Postgres Scan Race Condition","HIGH","fixed","Cancelling a query (e.g. 
by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.","1.23.12, 1.24.6" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2025-58183","golang: archive/tar: Unbounded allocation when parsing GNU sparse map","HIGH","fixed","tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2022-2835","coreDNS: DNS Redirection of Internal Services","MEDIUM","affected","A flaw was found in coreDNS. 
This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of ..svc.","N/A" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2023-30464","CoreDNS Cache Poisoning via a birthday attack","MEDIUM","affected","CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack.","N/A" +"Trivy","registry.k8s.io/coredns/coredns:v1.12.1","CVE-2025-58181","SSH servers parsing GSSAPI authentication requests do not validate the ...","MEDIUM","fixed","SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.","0.45.0" +"Trivy","registry.k8s.io/etcd:3.6.4-0","CVE-2025-47914","SSH Agent servers do not validate the size of messages when processing ...","MEDIUM","fixed","SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.","0.45.0" +"Trivy","registry.k8s.io/etcd:3.6.4-0","CVE-2025-58181","SSH servers parsing GSSAPI authentication requests do not validate the ...","MEDIUM","fixed","SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.","0.45.0" +"Trivy","registry.k8s.io/etcd:3.6.4-0","CVE-2025-47907","database/sql: Postgres Scan Race Condition","HIGH","fixed","Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. 
This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.","1.23.12, 1.24.6" +"Trivy","registry.k8s.io/etcd:3.6.4-0","CVE-2025-58183","golang: archive/tar: Unbounded allocation when parsing GNU sparse map","HIGH","fixed","tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/etcd:3.6.4-0","CVE-2025-58187","Due to the design of the name constraint checking algorithm, the proce ...","HIGH","fixed","Due to the design of the name constraint checking algorithm, the processing time of some inputs scals non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.","1.24.9, 1.25.3" +"Trivy","registry.k8s.io/etcd:3.6.4-0","CVE-2025-58188","Validating certificate chains which contain DSA public keys can cause ...","HIGH","fixed","Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. 
This affects programs which validate arbitrary certificate chains.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/etcd:3.6.4-0","CVE-2025-47906","os/exec: Unexpected paths returned from LookPath in os/exec","MEDIUM","fixed","If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("""", ""."", and ""..""), can result in the binaries listed in the PATH being unexpectedly returned.","1.23.12, 1.24.6" +"Trivy","registry.k8s.io/etcd:3.6.4-0","CVE-2025-47912","net/url: Insufficient validation of bracketed IPv6 hostnames in net/url","MEDIUM","fixed","The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: ""http://[::1]/"". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/etcd:3.6.4-0","CVE-2025-58186","Despite HTTP headers having a default limit of 1MB, the number of cook ...","HIGH","fixed","Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. 
By sending a lot of very small cookies such as ""a=;"", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/etcd:3.6.4-0","CVE-2025-58185","encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1","MEDIUM","fixed","Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/etcd:3.6.4-0","CVE-2025-58189","crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information","MEDIUM","fixed","When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/etcd:3.6.4-0","CVE-2025-61723","encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem","MEDIUM","fixed","The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/etcd:3.6.4-0","CVE-2025-61724","net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto","MEDIUM","fixed","The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/etcd:3.6.4-0","CVE-2025-61725","net/mail: Excessive CPU consumption in ParseAddress in net/mail","MEDIUM","fixed","The ParseAddress function constructeds domain-literal address components through repeated string concatenation. 
When parsing large domain-literal components, this can cause excessive CPU consumption.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-apiserver:v1.34.0","CVE-2025-58183","golang: archive/tar: Unbounded allocation when parsing GNU sparse map","HIGH","fixed","tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-apiserver:v1.34.0","CVE-2025-58186","Despite HTTP headers having a default limit of 1MB, the number of cook ...","HIGH","fixed","Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as ""a=;"", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-apiserver:v1.34.0","CVE-2025-58188","Validating certificate chains which contain DSA public keys can cause ...","HIGH","fixed","Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-apiserver:v1.34.0","CVE-2025-47912","net/url: Insufficient validation of bracketed IPv6 hostnames in net/url","MEDIUM","fixed","The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: ""http://[::1]/"". 
IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-apiserver:v1.34.0","CVE-2025-58185","encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1","MEDIUM","fixed","Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-apiserver:v1.34.0","CVE-2025-58189","crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information","MEDIUM","fixed","When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-apiserver:v1.34.0","CVE-2025-61724","net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto","MEDIUM","fixed","The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-apiserver:v1.34.0","CVE-2025-58187","Due to the design of the name constraint checking algorithm, the proce ...","HIGH","fixed","Due to the design of the name constraint checking algorithm, the processing time of some inputs scals non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.","1.24.9, 1.25.3" +"Trivy","registry.k8s.io/kube-apiserver:v1.34.0","CVE-2025-61723","encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem","MEDIUM","fixed","The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. 
This affects programs which parse untrusted PEM inputs.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-apiserver:v1.34.0","CVE-2025-61725","net/mail: Excessive CPU consumption in ParseAddress in net/mail","MEDIUM","fixed","The ParseAddress function constructeds domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-controller-manager:v1.34.0","CVE-2025-58189","crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information","MEDIUM","fixed","When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-controller-manager:v1.34.0","CVE-2025-61723","encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem","MEDIUM","fixed","The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-controller-manager:v1.34.0","CVE-2025-61725","net/mail: Excessive CPU consumption in ParseAddress in net/mail","MEDIUM","fixed","The ParseAddress function constructeds domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-controller-manager:v1.34.0","CVE-2025-58186","Despite HTTP headers having a default limit of 1MB, the number of cook ...","HIGH","fixed","Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. 
By sending a lot of very small cookies such as ""a=;"", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-controller-manager:v1.34.0","CVE-2025-58188","Validating certificate chains which contain DSA public keys can cause ...","HIGH","fixed","Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-controller-manager:v1.34.0","CVE-2025-58185","encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1","MEDIUM","fixed","Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-controller-manager:v1.34.0","CVE-2025-61724","net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto","MEDIUM","fixed","The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-controller-manager:v1.34.0","CVE-2025-58183","golang: archive/tar: Unbounded allocation when parsing GNU sparse map","HIGH","fixed","tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. 
When reading from a compressed source, a small compressed input can result in large allocations.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-controller-manager:v1.34.0","CVE-2025-58187","Due to the design of the name constraint checking algorithm, the proce ...","HIGH","fixed","Due to the design of the name constraint checking algorithm, the processing time of some inputs scals non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.","1.24.9, 1.25.3" +"Trivy","registry.k8s.io/kube-controller-manager:v1.34.0","CVE-2025-47912","net/url: Insufficient validation of bracketed IPv6 hostnames in net/url","MEDIUM","fixed","The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: ""http://[::1]/"". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2025-5278","coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification","LOW","affected","A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.","N/A" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2012-2663","iptables: --syn flag bypass","LOW","affected","extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. 
NOTE: the CVE-2012-6638 fix makes this issue less relevant.","N/A" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2025-4802","glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH","HIGH","fixed","Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).","2.36-9+deb12u11" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2010-4756","glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions","LOW","affected","The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.","N/A" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2018-20796","glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c","LOW","affected","In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.","N/A" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2019-1010024","glibc: ASLR bypass using cache of thread stack and heap","LOW","affected","GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. 
NOTE: Upstream comments indicate ""this is being treated as a non-security bug and no real threat.","N/A" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2020-36325","jansson: out-of-bounds read in json_loads() due to a parsing error","LOW","affected","An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification","N/A" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2016-2781","coreutils: Non-privileged session can escape to the parent session in chroot","LOW","will_not_fix","chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.","N/A" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2025-8058","glibc: Double free in glibc","MEDIUM","fixed","The regcomp function in the GNU C library version from 2.4 to 2.41 is +subject to a double free if some previous allocation fails. It can be +accomplished either by a malloc failure or by using an interposed malloc + that injects random malloc failures. The double free can allow buffer +manipulation depending of how the regex is constructed. This issue +affects all architectures and ABIs supported by the GNU C library.","2.36-9+deb12u13" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2019-1010022","glibc: stack guard protection bypass","LOW","affected","GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. 
NOTE: Upstream comments indicate ""this is being treated as a non-security bug and no real threat.","N/A" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2019-9192","glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c","LOW","affected","In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern","N/A" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2025-27587","OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable ...","LOW","affected","OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. 
The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.","N/A" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2025-9232","openssl: Out-of-bounds read in HTTP client no_proxy handling","LOW","fixed","Issue summary: An application using the OpenSSL HTTP client API functions may +trigger an out-of-bounds read if the 'no_proxy' environment variable is set and +the host portion of the authority component of the HTTP URL is an IPv6 address. + +Impact summary: An out-of-bounds read can trigger a crash which leads to +Denial of Service for an application. + +The OpenSSL HTTP client API functions can be used directly by applications +but they are also used by the OCSP client functions and CMP (Certificate +Management Protocol) client implementation in OpenSSL. However the URLs used +by these implementations are unlikely to be controlled by an attacker. + +In this vulnerable code the out of bounds read can only trigger a crash. +Furthermore the vulnerability requires an attacker-controlled URL to be +passed from an application to the OpenSSL function and the user has to have +a 'no_proxy' environment variable set. For the aforementioned reasons the +issue was assessed as Low severity. + +The vulnerable code was introduced in the following patch releases: +3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. + +The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this +issue, as the HTTP client implementation is outside the OpenSSL FIPS module +boundary.","3.0.17-1~deb12u3" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2019-1010023","glibc: running ldd on malicious ELF leads to code execution because of wrong size computation","LOW","affected","GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. 
The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate ""this is being treated as a non-security bug and no real threat.","N/A" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2017-18018","coreutils: race condition vulnerability in chown and chgrp","LOW","affected","In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX ""-R -L"" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.","N/A" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2019-1010025","glibc: information disclosure of heap addresses of pthread_created thread","LOW","affected","GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is ""ASLR bypass itself is not a vulnerability.","N/A" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2025-9230","openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap","MEDIUM","fixed","Issue summary: An application trying to decrypt CMS messages encrypted using +password based encryption can trigger an out-of-bounds read and write. + +Impact summary: This out-of-bounds read may trigger a crash which leads to +Denial of Service for an application. The out-of-bounds write can cause +a memory corruption which can have various consequences including +a Denial of Service or Execution of attacker-supplied code. + +Although the consequences of a successful exploit of this vulnerability +could be severe, the probability that the attacker would be able to +perform it is low. Besides, password based (PWRI) encryption support in CMS +messages is very rarely used. For that reason the issue was assessed as +Moderate severity according to our Security Policy. 
+ +The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this +issue, as the CMS implementation is outside the OpenSSL FIPS module +boundary.","3.0.17-1~deb12u3" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2025-58188","Validating certificate chains which contain DSA public keys can cause ...","HIGH","fixed","Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2025-47912","net/url: Insufficient validation of bracketed IPv6 hostnames in net/url","MEDIUM","fixed","The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: ""http://[::1]/"". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2025-58185","encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1","MEDIUM","fixed","Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2025-61724","net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto","MEDIUM","fixed","The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. 
When the number of lines in a response is large, this can cause excessive CPU consumption.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2025-58186","Despite HTTP headers having a default limit of 1MB, the number of cook ...","HIGH","fixed","Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as ""a=;"", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2025-58187","Due to the design of the name constraint checking algorithm, the proce ...","HIGH","fixed","Due to the design of the name constraint checking algorithm, the processing time of some inputs scals non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.","1.24.9, 1.25.3" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2025-58189","crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information","MEDIUM","fixed","When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2025-61723","encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem","MEDIUM","fixed","The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2025-61725","net/mail: Excessive CPU consumption in ParseAddress in net/mail","MEDIUM","fixed","The ParseAddress function constructeds domain-literal address components through repeated string concatenation. 
When parsing large domain-literal components, this can cause excessive CPU consumption.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-proxy:v1.34.0","CVE-2025-58183","golang: archive/tar: Unbounded allocation when parsing GNU sparse map","HIGH","fixed","tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-scheduler:v1.34.0","CVE-2025-58189","crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information","MEDIUM","fixed","When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-scheduler:v1.34.0","CVE-2025-61723","encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem","MEDIUM","fixed","The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-scheduler:v1.34.0","CVE-2025-61724","net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto","MEDIUM","fixed","The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. 
When the number of lines in a response is large, this can cause excessive CPU consumption.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-scheduler:v1.34.0","CVE-2025-61725","net/mail: Excessive CPU consumption in ParseAddress in net/mail","MEDIUM","fixed","The ParseAddress function constructeds domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-scheduler:v1.34.0","CVE-2025-58188","Validating certificate chains which contain DSA public keys can cause ...","HIGH","fixed","Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-scheduler:v1.34.0","CVE-2025-47912","net/url: Insufficient validation of bracketed IPv6 hostnames in net/url","MEDIUM","fixed","The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: ""http://[::1]/"". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-scheduler:v1.34.0","CVE-2025-58183","golang: archive/tar: Unbounded allocation when parsing GNU sparse map","HIGH","fixed","tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. 
When reading from a compressed source, a small compressed input can result in large allocations.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-scheduler:v1.34.0","CVE-2025-58186","Despite HTTP headers having a default limit of 1MB, the number of cook ...","HIGH","fixed","Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as ""a=;"", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.","1.24.8, 1.25.2" +"Trivy","registry.k8s.io/kube-scheduler:v1.34.0","CVE-2025-58187","Due to the design of the name constraint checking algorithm, the proce ...","HIGH","fixed","Due to the design of the name constraint checking algorithm, the processing time of some inputs scals non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.","1.24.9, 1.25.3" +"Trivy","registry.k8s.io/kube-scheduler:v1.34.0","CVE-2025-58185","encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1","MEDIUM","fixed","Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.","1.24.8, 1.25.2" diff --git a/unittests/test_duplication_loops.py b/unittests/test_duplication_loops.py index d85e52e1046..9a84024e560 100644 --- a/unittests/test_duplication_loops.py +++ b/unittests/test_duplication_loops.py @@ -3,9 +3,9 @@ from crum import impersonate from django.test.utils import override_settings +from dojo.finding.deduplication import set_duplicate from dojo.management.commands.fix_loop_duplicates import fix_loop_duplicates from dojo.models import Engagement, Finding, Product, User, copy_model_util -from dojo.utils import set_duplicate from .dojo_test_case import DojoTestCase diff --git a/unittests/test_import_reimport.py b/unittests/test_import_reimport.py index e3130cc7efc..2f71c720e02 100644 
--- a/unittests/test_import_reimport.py +++ b/unittests/test_import_reimport.py @@ -100,6 +100,8 @@ def __init__(self, *args, **kwargs): self.scan_type_gitlab_dast = "GitLab DAST Report" self.anchore_grype_file_name = get_unit_tests_scans_path("anchore_grype") / "check_all_fields.json" + self.anchore_grype_file_name_fix_not_available = get_unit_tests_scans_path("anchore_grype") / "fix_not_available.json" + self.anchore_grype_file_name_fix_available = get_unit_tests_scans_path("anchore_grype") / "fix_available.json" self.anchore_grype_scan_type = "Anchore Grype" self.checkmarx_one_open_and_false_positive = get_unit_tests_scans_path("checkmarx_one") / "one-open-one-false-positive.json" 
@@ -1691,6 +1693,30 @@ def test_import_reimport_vulnerability_ids(self): self.assertEqual("GHSA-v6rh-hp5x-86rv", findings[3].vulnerability_ids[0]) self.assertEqual("CVE-2021-44420", findings[3].vulnerability_ids[1]) + def test_import_reimport_fix_available(self): + import0 = self.import_scan_with_params(self.anchore_grype_file_name_fix_not_available, scan_type=self.anchore_grype_scan_type) + test_id = import0["test"] + test = Test.objects.get(id=test_id) + findings = Finding.objects.filter(test=test) + self.assertEqual(1, len(findings)) + self.assertEqual(False, findings[0].fix_available) + self.assertEqual(None, findings[0].fix_version) + + test_type = Test_Type.objects.get(name=self.anchore_grype_scan_type) + reimport_test = Test( + engagement=test.engagement, + test_type=test_type, + scan_type=self.anchore_grype_scan_type, + target_start=datetime.now(timezone.get_current_timezone()), + target_end=datetime.now(timezone.get_current_timezone()), + ) + reimport_test.save() + self.reimport_scan_with_params(reimport_test.id, self.anchore_grype_file_name_fix_available, scan_type=self.anchore_grype_scan_type) + findings = Finding.objects.filter(test=reimport_test) + self.assertEqual(1, len(findings)) + self.assertEqual(True, findings[0].fix_available) + self.assertEqual("1.2.3", findings[0].fix_version) + def test_import_history_reactivated_and_untouched_findings_do_not_mix(self): import0 = self.import_scan_with_params(self.generic_import_1, scan_type=self.scan_type_generic) test_id = import0["test"] diff --git a/unittests/test_importers_performance.py b/unittests/test_importers_performance.py index c6d8652635f..9da777ccecc 100644 --- a/unittests/test_importers_performance.py +++ b/unittests/test_importers_performance.py 
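Review bot: The reimport in `test_import_reimport_fix_available` targets a freshly created, empty `reimport_test` rather than the test populated by `import0`, so the final assertions inspect a finding the reimport created, not one it matched and updated. If the intent is to show that `fix_available` and `fix_version` are refreshed on an existing finding once the scanner starts reporting a fix, reimport into the original test: `self.reimport_scan_with_params(test_id, self.anchore_grype_file_name_fix_available, scan_type=self.anchore_grype_scan_type)` followed by `findings = Finding.objects.filter(test=test)`. That assumes the two fixture files describe the same finding so the reimporter matches them; the fixtures and the reimporter are not visible in this hunk. A one-line docstring stating which path (create or update) the test covers would also remove the ambiguity.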
@@ -176,11 +176,11 @@ def test_import_reimport_reimport_performance_async(self): self._import_reimport_performance( expected_num_queries1=340, - expected_num_async_tasks1=10, + expected_num_async_tasks1=7, expected_num_queries2=288, - expected_num_async_tasks2=22, + expected_num_async_tasks2=18, expected_num_queries3=175, - expected_num_async_tasks3=20, + expected_num_async_tasks3=17, ) @override_settings(ENABLE_AUDITLOG=True, AUDITLOG_TYPE="django-pghistory") @@ -194,11 +194,11 @@ def test_import_reimport_reimport_performance_pghistory_async(self): self._import_reimport_performance( expected_num_queries1=306, - expected_num_async_tasks1=10, + expected_num_async_tasks1=7, expected_num_queries2=281, - expected_num_async_tasks2=22, + expected_num_async_tasks2=18, expected_num_queries3=170, - expected_num_async_tasks3=20, + expected_num_async_tasks3=17, ) @override_settings(ENABLE_AUDITLOG=True, AUDITLOG_TYPE="django-auditlog") @@ -217,12 +217,12 @@ def test_import_reimport_reimport_performance_no_async(self): testuser.usercontactinfo.block_execution = True testuser.usercontactinfo.save() self._import_reimport_performance( - expected_num_queries1=350, - expected_num_async_tasks1=10, - expected_num_queries2=305, - expected_num_async_tasks2=22, - expected_num_queries3=190, - expected_num_async_tasks3=20, + expected_num_queries1=345, + expected_num_async_tasks1=6, + expected_num_queries2=293, + expected_num_async_tasks2=17, + expected_num_queries3=180, + expected_num_async_tasks3=16, ) @override_settings(ENABLE_AUDITLOG=True, AUDITLOG_TYPE="django-pghistory") 
@@ -239,12 +239,12 @@ def test_import_reimport_reimport_performance_pghistory_no_async(self): testuser.usercontactinfo.save() self._import_reimport_performance( - expected_num_queries1=316, - expected_num_async_tasks1=10, - expected_num_queries2=298, - expected_num_async_tasks2=22, - expected_num_queries3=185, - expected_num_async_tasks3=20, + expected_num_queries1=311, + expected_num_async_tasks1=6, + expected_num_queries2=286, + expected_num_async_tasks2=17, + expected_num_queries3=175, + expected_num_async_tasks3=16, ) @override_settings(ENABLE_AUDITLOG=True, AUDITLOG_TYPE="django-auditlog") @@ -265,12 +265,12 @@ def test_import_reimport_reimport_performance_no_async_with_product_grading(self self.system_settings(enable_product_grade=True) self._import_reimport_performance( - expected_num_queries1=351, - expected_num_async_tasks1=11, - expected_num_queries2=306, - expected_num_async_tasks2=23, - expected_num_queries3=191, - expected_num_async_tasks3=21, + expected_num_queries1=347, + expected_num_async_tasks1=8, + expected_num_queries2=295, + expected_num_async_tasks2=19, + expected_num_queries3=182, + expected_num_async_tasks3=18, ) @override_settings(ENABLE_AUDITLOG=True, AUDITLOG_TYPE="django-pghistory") @@ -288,12 +288,12 @@ def test_import_reimport_reimport_performance_pghistory_no_async_with_product_gr self.system_settings(enable_product_grade=True) self._import_reimport_performance( - expected_num_queries1=317, - expected_num_async_tasks1=11, - expected_num_queries2=299, - expected_num_async_tasks2=23, - expected_num_queries3=186, - expected_num_async_tasks3=21, + expected_num_queries1=313, + expected_num_async_tasks1=8, + expected_num_queries2=288, + expected_num_async_tasks2=19, + expected_num_queries3=177, + expected_num_async_tasks3=18, ) # Deduplication is enabled in the tests above, but to properly test it we must run the same import twice and capture the results. 
@@ -412,9 +412,9 @@ def test_deduplication_performance_async(self): self._deduplication_performance( expected_num_queries1=311, - expected_num_async_tasks1=12, + expected_num_async_tasks1=8, expected_num_queries2=204, - expected_num_async_tasks2=12, + expected_num_async_tasks2=8, check_duplicates=False, # Async mode - deduplication happens later ) @@ -429,9 +429,9 @@ def test_deduplication_performance_pghistory_async(self): self._deduplication_performance( expected_num_queries1=275, - expected_num_async_tasks1=12, + expected_num_async_tasks1=8, expected_num_queries2=185, - expected_num_async_tasks2=12, + expected_num_async_tasks2=8, check_duplicates=False, # Async mode - deduplication happens later ) @@ -449,10 +449,10 @@ def test_deduplication_performance_no_async(self): testuser.usercontactinfo.save() self._deduplication_performance( - expected_num_queries1=323, - expected_num_async_tasks1=12, - expected_num_queries2=318, - expected_num_async_tasks2=12, + expected_num_queries1=316, + expected_num_async_tasks1=7, + expected_num_queries2=287, + expected_num_async_tasks2=7, ) @override_settings(ENABLE_AUDITLOG=True, AUDITLOG_TYPE="django-pghistory") @@ -469,8 +469,8 @@ def test_deduplication_performance_pghistory_no_async(self): testuser.usercontactinfo.save() self._deduplication_performance( - expected_num_queries1=287, - expected_num_async_tasks1=12, - expected_num_queries2=281, - expected_num_async_tasks2=12, + expected_num_queries1=280, + expected_num_async_tasks1=7, + expected_num_queries2=250, + expected_num_async_tasks2=7, ) diff --git a/unittests/test_notifications.py b/unittests/test_notifications.py index 1068c13f2d8..7c5b289a211 100644 --- a/unittests/test_notifications.py +++ b/unittests/test_notifications.py 
@@ -405,6 +405,30 @@ def setUp(self): token = Token.objects.get(user__username="admin") self.client = APIClient() self.client.credentials(HTTP_AUTHORIZATION="Token " + token.key) + self.admin = User.objects.get(username="admin") + self.base_url = "/api/v2/findings/" + + def _minimal_create_payload(self, title: str): + return { + "test": 3, + "found_by": [], + "title": title, + "date": "2020-05-20", + "cwe": 1, + "severity": "High", + "description": "TEST finding for notification", + "mitigation": "MITIGATION", + "impact": "HIGH", + "references": "", + "active": True, + "verified": False, + "false_p": False, + "duplicate": False, + "out_of_scope": False, + "under_review": False, + "under_defect_review": False, + "numerical_severity": "S0", + } @patch("dojo.notifications.helper.NotificationManager._process_notifications") def test_auditlog_on(self, mock): 
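Review bot: `_minimal_create_payload` hard-codes `"test": 3`, which ties every test that uses it to a fixture row whose origin is not visible here. If that row is renumbered or removed, the POST would presumably fail validation for a reason unrelated to notifications. A docstring would make the dependency explicit, for example `"""Return the smallest payload accepted by POST /api/v2/findings/; test 3 is assumed to exist in the class fixtures."""`. The enclosing class and the start of `setUp` lie outside the hunk, so the fixture list cannot be confirmed from here.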
@@ -412,6 +436,91 @@ def test_auditlog_on(self, mock): self.client.delete(reverse("product_type-detail", args=(prod_type.pk,)), format="json") self.assertEqual(mock.call_args_list[-1].kwargs["description"], 'The product type "notif prod type API" was deleted by admin') + @patch("dojo.api_v2.serializers.create_notification") + def test_create_calls_notification_with_auto_assigned_reporter(self, mock_create_notification): + """Test that create_notification is called when creating a finding without explicit reporter.""" + payload = self._minimal_create_payload("Finding with auto-assigned reporter notification") + + response = self.client.post(self.base_url, payload, format="json") + self.assertEqual(201, response.status_code, response.content[:1000]) + + # Verify notification was called + mock_create_notification.assert_called_once() + call_args = mock_create_notification.call_args + + # Check the notification parameters + self.assertEqual(call_args[1]["event"], "finding_added") + self.assertEqual(call_args[1]["title"], "Addition of Finding With Auto-Assigned Reporter Notification") + self.assertEqual( + call_args[1]["description"], + f'Finding "Finding With Auto-Assigned Reporter Notification" was added by {self.admin}', + ) + self.assertEqual(call_args[1]["icon"], "exclamation-triangle") + + # Verify the finding was created successfully + created_id = response.data.get("id") + self.assertIsNotNone(created_id) + created_finding = Finding.objects.get(id=created_id) + self.assertEqual(created_finding.reporter, self.admin) + + @patch("dojo.api_v2.serializers.create_notification") + def test_create_calls_notification_with_explicit_reporter(self, mock_create_notification): + """Test that create_notification is called when creating a finding with explicit reporter.""" + # Create another user to use as explicit reporter + explicit_reporter = User.objects.create(username="explicit_reporter", email="reporter@test.com") + + payload = self._minimal_create_payload("Finding with 
explicit reporter notification") + payload["reporter"] = explicit_reporter.id + + response = self.client.post(self.base_url, payload, format="json") + self.assertEqual(201, response.status_code, response.content[:1000]) + + # Verify notification was called + mock_create_notification.assert_called_once() + call_args = mock_create_notification.call_args + + # Check the notification parameters + self.assertEqual(call_args[1]["event"], "finding_added") + self.assertEqual(call_args[1]["title"], "Addition of Finding With Explicit Reporter Notification") + self.assertEqual( + call_args[1]["description"], + f'Finding "Finding With Explicit Reporter Notification" was added by {explicit_reporter}', + ) + self.assertEqual(call_args[1]["icon"], "exclamation-triangle") + + # Verify the finding was created with explicit reporter + created_id = response.data.get("id") + self.assertIsNotNone(created_id) + created_finding = Finding.objects.get(id=created_id) + self.assertEqual(created_finding.reporter, explicit_reporter) + + @patch("dojo.api_v2.serializers.create_notification") + def test_notification_parameters_are_correct(self, mock_create_notification): + """Test that all notification parameters are properly formatted and passed.""" + payload = self._minimal_create_payload("Test Finding for Parameter Validation") + + response = self.client.post(self.base_url, payload, format="json") + self.assertEqual(201, response.status_code, response.content[:1000]) + + # Get the created finding to verify URL formation + created_id = response.data.get("id") + created_finding = Finding.objects.get(id=created_id) + + # Verify notification was called with correct parameters + mock_create_notification.assert_called_once() + call_args = mock_create_notification.call_args + + # Verify all required parameters exist + self.assertEqual(call_args[1]["event"], "finding_added") + self.assertEqual(call_args[1]["title"], "Addition of Test Finding for Parameter Validation") + self.assertEqual( + 
call_args[1]["description"], + f'Finding "Test Finding for Parameter Validation" was added by {self.admin}', + ) + self.assertEqual(call_args[1]["url"], f"/finding/{created_finding.id}") + self.assertEqual(call_args[1]["icon"], "exclamation-triangle") + self.assertEqual(call_args[1]["finding"], created_finding) + class TestNotificationWebhooks(DojoTestCase): fixtures = ["dojo_testdata.json"] diff --git a/unittests/test_utils_deduplication_reopen.py b/unittests/test_utils_deduplication_reopen.py index a7e72ede118..2981222d591 100644 --- a/unittests/test_utils_deduplication_reopen.py +++ b/unittests/test_utils_deduplication_reopen.py @@ -1,9 +1,9 @@ import datetime import logging +from dojo.finding.deduplication import set_duplicate from dojo.management.commands.fix_loop_duplicates import fix_loop_duplicates from dojo.models import Finding, copy_model_util -from dojo.utils import set_duplicate from .dojo_test_case import DojoTestCase diff --git a/unittests/tools/test_anchore_grype_parser.py b/unittests/tools/test_anchore_grype_parser.py index 362fb63a5f7..44239da61f0 100644 --- a/unittests/tools/test_anchore_grype_parser.py +++ b/unittests/tools/test_anchore_grype_parser.py 
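Review bot: In `test_create_calls_notification_with_explicit_reporter` the expected description is `was added by {explicit_reporter}` although the request is authenticated with the admin token from `setUp`, so the test pins that the "added by" text follows the client-supplied `reporter` field rather than the authenticated user. If that is intended, state it in a comment, e.g. `# "added by" names the reporter field, not request.user`; otherwise notifications can attribute a finding to an account that did not make the request. Whether a non-admin caller may set `reporter` to another user is decided in the serializer, outside this hunk, and none of the new tests exercises that case. Separately, the three tests read `call_args[1][...]` while `test_auditlog_on` just above uses `.kwargs[...]`; `call_args.kwargs["event"]` would match.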
@@ -266,6 +266,22 @@ def test_grype_issue_9618(self): findings = parser.get_findings(testfile, Test()) self.assertEqual(35, len(findings)) + def test_grype_fix_not_available(self): + with (get_unit_tests_scans_path("anchore_grype") / "fix_not_available.json").open(encoding="utf-8") as testfile: + parser = AnchoreGrypeParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + self.assertEqual(findings[0].fix_available, False) + self.assertEqual(findings[0].fix_version, None) + + def test_grype_fix_available(self): + with (get_unit_tests_scans_path("anchore_grype") / "fix_available.json").open(encoding="utf-8") as testfile: + parser = AnchoreGrypeParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + self.assertEqual(findings[0].fix_available, True) + self.assertEqual(findings[0].fix_version, "1.2.3") + def test_grype_issue_9942(self): with (get_unit_tests_scans_path("anchore_grype") / "issue_9942.json").open(encoding="utf-8") as testfile: parser = AnchoreGrypeParser() diff --git a/unittests/tools/test_n0s1_parser.py b/unittests/tools/test_n0s1_parser.py new file mode 100644 index 00000000000..5229e61e515 --- /dev/null +++ b/unittests/tools/test_n0s1_parser.py 
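Review bot: `self.assertEqual(findings[0].fix_available, False)` in `test_grype_fix_not_available` also passes for `0`, and both new tests put the actual value first while the neighbouring `self.assertEqual(35, len(findings))` puts the expected value first. `self.assertIs(findings[0].fix_available, False)` and `self.assertIsNone(findings[0].fix_version)` pin the type as well as the value. The same applies to `test_grype_fix_available`, where `self.assertIs(findings[0].fix_available, True)` would do.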
@@ -0,0 +1,31 @@ + + +from dojo.models import Test, Test_Type +from dojo.tools.n0s1.parser import N0s1Parser +from unittests.dojo_test_case import DojoTestCase, get_unit_tests_scans_path + + +class TestN0s1Parser(DojoTestCase): + + def test_n0s1_parser_with_multiple_findings(self): + with (get_unit_tests_scans_path("n0s1") / "many_findings.json").open(encoding="utf-8") as testfile: + parser = N0s1Parser() + test_type = Test_Type(name="n0s1 Scanner") + test = Test(test_type=test_type) + findings = parser.get_findings(testfile, test) + self.assertEqual(17, len(findings)) + finding = findings[0] + self.assertEqual(finding.title, "AWS") + self.assertIsNotNone(finding.description) + self.assertTrue(finding.dynamic_finding) + self.assertEqual(test.test_type.name, "n0s1 Scanner") + + def test_detect_subscanner_returns_correct_type(self): + with (get_unit_tests_scans_path("n0s1") / "many_findings.json").open(encoding="utf-8") as testfile: + parser = N0s1Parser() + tests = parser.get_tests("n0s1 Scanner", testfile) + self.assertEqual(1, len(tests)) + test = tests[0] + self.assertEqual("n0s1 Confluence", test.name) + self.assertEqual("Scan from n0s1 Confluence", test.description) + self.assertEqual(17, len(test.findings)) diff --git a/unittests/tools/test_openreports_parser.py b/unittests/tools/test_openreports_parser.py new file mode 100644 index 00000000000..480722b9152 --- /dev/null +++ b/unittests/tools/test_openreports_parser.py 
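Review bot: The last assertion of `test_n0s1_parser_with_multiple_findings`, `self.assertEqual(test.test_type.name, "n0s1 Scanner")`, checks a value the test itself assigned a few lines earlier, so it can only fail if the parser mutates the `Test` it is given. Either drop it or assert on something the parser produces, as `test_detect_subscanner_returns_correct_type` does with `tests[0].name`. The same pattern appears in `test_parse_file_with_multiple_vuln_test_type` in `unittests/tools/test_rusty_hog_parser.py`, where the constructed `test` is never passed to the parser at all. The new file also opens with two blank lines before the imports.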
@@ -0,0 +1,164 @@ +from dojo.models import Test +from dojo.tools.openreports.parser import OpenreportsParser +from unittests.dojo_test_case import DojoTestCase, get_unit_tests_scans_path + + +def sample_path(file_name): + return get_unit_tests_scans_path("openreports") / file_name + + +class TestOpenreportsParser(DojoTestCase): + def test_no_results(self): + with sample_path("openreports_no_results.json").open(encoding="utf-8") as test_file: + parser = OpenreportsParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 0) + + def test_single_report(self): + with sample_path("openreports_single_report.json").open(encoding="utf-8") as test_file: + parser = OpenreportsParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 3) + + # Test first finding (warn/low severity) + finding1 = findings[0] + self.assertEqual("CVE-2025-9232 in libcrypto3", finding1.title) + self.assertEqual("Low", finding1.severity) + self.assertEqual("libcrypto3", finding1.component_name) + self.assertEqual("3.5.2-r1", finding1.component_version) + self.assertEqual("Upgrade to version: 3.5.4-r0", finding1.mitigation) + self.assertEqual("https://avd.aquasec.com/nvd/cve-2025-9232", finding1.references) + self.assertEqual("test/Deployment/test-app", finding1.service) + self.assertTrue(finding1.active) + self.assertTrue(finding1.verified) + self.assertTrue(finding1.fix_available) + self.assertEqual(1, len(finding1.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2025-9232", finding1.unsaved_vulnerability_ids[0]) + self.assertEqual("CVE-2025-9232", finding1.vuln_id_from_tool) + self.assertIn("vulnerability scan", finding1.unsaved_tags) + self.assertIn("image-scanner", finding1.unsaved_tags) + self.assertIn("Deployment", finding1.unsaved_tags) + + # Test second finding (fail/high severity) + finding2 = findings[1] + self.assertEqual("CVE-2025-47907 in stdlib", finding2.title) + self.assertEqual("High", finding2.severity) + 
self.assertEqual("stdlib", finding2.component_name) + self.assertEqual("v1.24.4", finding2.component_version) + self.assertEqual("Upgrade to version: 1.23.12, 1.24.6", finding2.mitigation) + self.assertEqual("https://avd.aquasec.com/nvd/cve-2025-47907", finding2.references) + self.assertEqual("test/Deployment/test-app", finding2.service) + self.assertTrue(finding2.active) + self.assertTrue(finding2.verified) + self.assertTrue(finding2.fix_available) + self.assertEqual(1, len(finding2.unsaved_vulnerability_ids)) + self.assertEqual("CVE-2025-47907", finding2.unsaved_vulnerability_ids[0]) + self.assertEqual("CVE-2025-47907", finding2.vuln_id_from_tool) + + # Test third finding (non-CVE policy, fail/low severity) + finding3 = findings[2] + self.assertEqual("CIS-BENCH-001: Missing security headers in HTTP response", finding3.title) + self.assertEqual("Low", finding3.severity) + self.assertEqual("web-server", finding3.component_name) + self.assertEqual("N/A", finding3.component_version) + self.assertEqual("Upgrade to version: Configure proper security headers", finding3.mitigation) + self.assertEqual("https://www.cisecurity.org/benchmark/docker", finding3.references) + self.assertEqual("test/Deployment/test-app", finding3.service) + self.assertTrue(finding3.active) + self.assertTrue(finding3.verified) + self.assertTrue(finding3.fix_available) + # Non-CVE policies should not have vulnerability IDs + self.assertIsNone(finding3.unsaved_vulnerability_ids) + self.assertEqual("CIS-BENCH-001", finding3.vuln_id_from_tool) + self.assertIn("compliance check", finding3.unsaved_tags) + self.assertIn("compliance-scanner", finding3.unsaved_tags) + self.assertIn("Deployment", finding3.unsaved_tags) + + def test_list_format(self): + with sample_path("openreports_list_format.json").open(encoding="utf-8") as test_file: + parser = OpenreportsParser() + findings = parser.get_findings(test_file, Test()) + self.assertEqual(len(findings), 3) + + # Verify findings from different reports have 
different services + services = {finding.service for finding in findings} + self.assertEqual(len(services), 2) + self.assertIn("test/Deployment/app1", services) + self.assertIn("test/Deployment/app2", services) + + # Verify CVE IDs - only findings with CVE policies should have vulnerability IDs + cve_findings = [finding for finding in findings if finding.unsaved_vulnerability_ids] + self.assertEqual(len(cve_findings), 2) + cve_ids = [finding.unsaved_vulnerability_ids[0] for finding in cve_findings] + self.assertIn("CVE-2025-9232", cve_ids) + self.assertIn("CVE-2025-47907", cve_ids) + + # Verify there's at least one non-CVE finding + non_cve_findings = [finding for finding in findings if not finding.unsaved_vulnerability_ids] + self.assertEqual(len(non_cve_findings), 1) + non_cve_finding = non_cve_findings[0] + self.assertEqual("SECURITY-001: Container running as root user", non_cve_finding.title) + + def test_parser_metadata(self): + parser = OpenreportsParser() + scan_types = parser.get_scan_types() + self.assertEqual(["OpenReports"], scan_types) + + label = parser.get_label_for_scan_types("OpenReports") + self.assertEqual("OpenReports", label) + + description = parser.get_description_for_scan_types("OpenReports") + self.assertEqual("Import OpenReports JSON report.", description) + + def test_get_tests_single_source(self): + with sample_path("openreports_single_report.json").open(encoding="utf-8") as test_file: + parser = OpenreportsParser() + tests = parser.get_tests("OpenReports", test_file) + + # Should have two tests for the two sources + self.assertEqual(len(tests), 2) + + # Verify test names + test_names = {test.name for test in tests} + self.assertIn("image-scanner", test_names) + self.assertIn("compliance-scanner", test_names) + + # Find the image-scanner test + image_scanner_test = next(t for t in tests if t.name == "image-scanner") + self.assertEqual("image-scanner", image_scanner_test.type) + self.assertIsNone(image_scanner_test.version) + 
self.assertEqual(2, len(image_scanner_test.findings)) + + # Verify findings are properly created + finding1 = image_scanner_test.findings[0] + self.assertEqual("CVE-2025-9232 in libcrypto3", finding1.title) + self.assertEqual("Low", finding1.severity) + # Verify test is not set - check using hasattr to avoid RelatedObjectDoesNotExist + self.assertFalse(hasattr(finding1, "test") and finding1.test is not None) + + def test_get_tests_multiple_sources(self): + with sample_path("openreports_list_format.json").open(encoding="utf-8") as test_file: + parser = OpenreportsParser() + tests = parser.get_tests("OpenReports", test_file) + + # Should have two tests for the two different sources + self.assertEqual(len(tests), 2) + + # Verify test names + test_names = {test.name for test in tests} + self.assertIn("policy-scanner", test_names) + self.assertIn("image-scanner", test_names) + + # Find the image-scanner test + image_scanner_test = next(t for t in tests if t.name == "image-scanner") + self.assertEqual(2, len(image_scanner_test.findings)) + + # Find the policy-scanner test + policy_scanner_test = next(t for t in tests if t.name == "policy-scanner") + self.assertEqual(1, len(policy_scanner_test.findings)) + + # Verify findings have no test set + for test in tests: + for finding in test.findings: + # Check using hasattr to avoid RelatedObjectDoesNotExist + self.assertFalse(hasattr(finding, "test") and finding.test is not None) diff --git a/unittests/tools/test_rusty_hog_parser.py b/unittests/tools/test_rusty_hog_parser.py index a9fc057f50e..96c5e48a80b 100644 --- a/unittests/tools/test_rusty_hog_parser.py +++ b/unittests/tools/test_rusty_hog_parser.py @@ -1,3 +1,4 @@ +from dojo.models import Test, Test_Type from dojo.tools.rusty_hog.parser import RustyhogParser from unittests.dojo_test_case import DojoTestCase, get_unit_tests_scans_path 
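Review bot: `test_get_tests_single_source` asserts `len(tests) == 2` under the comment "Should have two tests for the two sources", so the name contradicts what it checks; `test_get_tests_single_report` would match the fixture `openreports_single_report.json`. In `test_single_report` the third finding pins `"Upgrade to version: Configure proper security headers"` as the mitigation, which suggests the parser prefixes any remediation text with "Upgrade to version:". If that is a parser shortcoming rather than intended output, the test should not cement it. All three findings are also asserted as `verified`; a comment saying why scanner output is treated as verified on import would help reviewers of the parser.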
@@ -21,6 +22,15 @@ def test_parse_file_with_multiple_vuln_has_multiple_finding_choctawhog(self): findings = parser.get_findings(testfile, "Choctaw Hog") self.assertEqual(13, len(findings)) + def test_parse_file_with_multiple_vuln_test_type(self): + with (get_unit_tests_scans_path("rusty_hog") / "choctawhog_many_vulns.json").open(encoding="utf-8") as testfile: + test_type = Test_Type(name="Rusty Hog") + test = Test(test_type=test_type) + self.assertEqual("Rusty Hog", test.test_type.name) + parser = RustyhogParser() + tests = parser.get_tests("Rusty Hog", testfile) + self.assertEqual("Rusty Hog", tests[0].name) + def test_parse_file_with_multiple_vuln_has_multiple_finding_choctawhog_content(self): with (get_unit_tests_scans_path("rusty_hog") / "choctawhog_many_vulns.json").open(encoding="utf-8") as testfile: parser = RustyhogParser() diff --git a/unittests/tools/test_zora_parser.py b/unittests/tools/test_zora_parser.py new file mode 100644 index 00000000000..9ad4cc61055 --- /dev/null +++ b/unittests/tools/test_zora_parser.py 
@@ -0,0 +1,38 @@ +from dojo.models import Test +from dojo.tools.zora.parser import ZoraParser +from unittests.dojo_test_case import DojoTestCase, get_unit_tests_scans_path + + +class TestZoraParser(DojoTestCase): + + def test_parse_file_with_no_vuln_has_no_finding(self): + with (get_unit_tests_scans_path("zora") / "scan_empty.csv").open(encoding="utf-8") as testfile: + content = testfile.read() # Read raw content + parser = ZoraParser() + findings = parser.get_findings(content, Test()) + self.assertEqual(0, len(findings)) + + def test_parse_file_with_many_vuln_has_many_findings(self): + with (get_unit_tests_scans_path("zora") / "scan_many.csv").open(encoding="utf-8") as testfile: + content = testfile.read() # Read raw content + parser = ZoraParser() + findings = parser.get_findings(content, Test()) + self.assertEqual(198, len(findings)) # Adjust based on your test file + # Check a specific finding for correctness + finding = findings[0] + self.assertEqual(True, finding.fix_available) + self.assertEqual("1.2.5-r1", finding.fix_version) + finding = findings[1] + self.assertEqual(False, finding.fix_available) + self.assertEqual(None, finding.fix_version) + finding = findings[2] + self.assertEqual(False, finding.fix_available) + self.assertEqual(None, finding.fix_version) + finding = findings[3] + self.assertEqual(True, finding.fix_available) + self.assertEqual("3.3.5-r0", finding.fix_version) + finding = findings[10] + self.assertEqual("net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertTrue(finding.unique_id_from_tool.startswith(f"{finding.description.splitlines()[0].split(': ')[1]}")) + self.assertEqual('**Source**: Trivy\n**Image**: ghcr.io/undistro/popeye:0.21\n**ID**: CVE-2025-47912\n**Details**: The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. 
RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.\n', finding.description) diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml index 37a72f9bd80..27cb4916548 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml @@ -2,14 +2,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": null, - "url_ui": "http://localhost:8080/test/95", "url_api": "http://localhost:8080/api/v2/tests/95/", + "url_ui": "http://localhost:8080/test/92", "url_api": "http://localhost:8080/api/v2/tests/92/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 95, "url_ui": "http://localhost:8080/test/95", "url_api": "http://localhost:8080/api/v2/tests/95/"}}' + 92, "url_ui": "http://localhost:8080/test/92", "url_api": "http://localhost:8080/api/v2/tests/92/"}}' headers: Accept: - application/json 
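Review bot: The `unique_id_from_tool` assertion for `findings[10]` derives its expected prefix from the finding's own description (`finding.description.splitlines()[0].split(': ')[1]`, wrapped in a redundant f-string), which per the description asserted on the next line is just `Trivy`. `self.assertTrue(finding.unique_id_from_tool.startswith("Trivy"))` states the expectation directly and keeps the two assertions independent. The comment `# Adjust based on your test file` beside `self.assertEqual(198, len(findings))` looks like template residue and can be removed. Both tests pass `testfile.read()` to `get_findings` where the other parser tests in this diff pass the open file; if `ZoraParser` requires a string, a one-line comment saying so would help.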
@@ -24,7 +24,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.48.4 + - DefectDojo-2.52.0-dev X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -38,22 +38,22 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"844\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.48.4\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.52.0-dev\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.7\",\n \"url\": + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.7\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/95\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/95/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/92\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/92/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 95, \\\"url_ui\\\": \\\"http://localhost:8080/test/95\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/95/\\\"}}\",\n \"files\": + \\\"test\\\": {\\\"title\\\": 
null, \\\"id\\\": 92, \\\"url_ui\\\": \\\"http://localhost:8080/test/92\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/92/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -63,11 +63,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 95,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/95/\",\n - \ \"url_ui\": \"http://localhost:8080/test/95\"\n },\n \"title\": + 92,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/92/\",\n + \ \"url_ui\": \"http://localhost:8080/test/92\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/95/\",\n \"url_ui\": - \"http://localhost:8080/test/95\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/92/\",\n \"url_ui\": + \"http://localhost:8080/test/92\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -76,7 +76,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Fri, 25 Jul 2025 19:02:56 GMT + - Tue, 04 Nov 2025 18:02:04 GMT Transfer-Encoding: - chunked status: 
@@ -85,32 +85,32 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": - null, "url_ui": "http://localhost:8080/test/95", "url_api": "http://localhost:8080/api/v2/tests/95/", + null, "url_ui": "http://localhost:8080/test/92", "url_api": "http://localhost:8080/api/v2/tests/92/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 95, "url_ui": "http://localhost:8080/test/95", "url_api": "http://localhost:8080/api/v2/tests/95/"}, - "finding_count": 5, "findings": {"new": [{"id": 247, "title": "2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/247", - "url_api": "http://localhost:8080/api/v2/findings/247/"}, {"id": 248, "title": + 92, "url_ui": "http://localhost:8080/test/92", "url_api": "http://localhost:8080/api/v2/tests/92/"}, + "finding_count": 5, "findings": {"new": [{"id": 235, "title": "2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/235", + "url_api": "http://localhost:8080/api/v2/findings/235/"}, {"id": 236, "title": "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", - "severity": "High", "url_ui": "http://localhost:8080/finding/248", 
"url_api": - "http://localhost:8080/api/v2/findings/248/"}, {"id": 246, "title": "Regular + "severity": "High", "url_ui": "http://localhost:8080/finding/236", "url_api": + "http://localhost:8080/api/v2/findings/236/"}, {"id": 234, "title": "Regular Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": "Medium", - "url_ui": "http://localhost:8080/finding/246", "url_api": "http://localhost:8080/api/v2/findings/246/"}, - {"id": 249, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", - "severity": "Medium", "url_ui": "http://localhost:8080/finding/249", "url_api": - "http://localhost:8080/api/v2/findings/249/"}, {"id": 250, "title": "2222Remote + "url_ui": "http://localhost:8080/finding/234", "url_api": "http://localhost:8080/api/v2/findings/234/"}, + {"id": 237, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/237", "url_api": + "http://localhost:8080/api/v2/findings/237/"}, {"id": 238, "title": "2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", - "severity": "Medium", "url_ui": "http://localhost:8080/finding/250", "url_api": - "http://localhost:8080/api/v2/findings/250/"}], "reactivated": [], "mitigated": + "severity": "Medium", "url_ui": "http://localhost:8080/finding/238", "url_api": + "http://localhost:8080/api/v2/findings/238/"}], "reactivated": [], "mitigated": [], "untouched": []}}' headers: Accept: @@ -126,7 +126,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.48.4 + - DefectDojo-2.52.0-dev X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -140,82 +140,82 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"2373\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.48.4\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.52.0-dev\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.7\",\n \"url\": + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.7\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", - \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/95\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/95/\\\", \\\"product_type\\\": + \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/92\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/92/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 95, \\\"url_ui\\\": \\\"http://localhost:8080/test/95\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/95/\\\"}, \\\"finding_count\\\": - 5, 
\\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 247, \\\"title\\\": \\\"2222Regular + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 92, \\\"url_ui\\\": \\\"http://localhost:8080/test/92\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/92/\\\"}, \\\"finding_count\\\": + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 235, \\\"title\\\": \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/247\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/247/\\\"}, {\\\"id\\\": 248, \\\"title\\\": + \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/235\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/235/\\\"}, {\\\"id\\\": 236, \\\"title\\\": \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/248\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/248/\\\"}, - {\\\"id\\\": 246, \\\"title\\\": \\\"Regular Expression Denial of Service + \\\"http://localhost:8080/finding/236\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/236/\\\"}, + {\\\"id\\\": 234, \\\"title\\\": \\\"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/246\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/246/\\\"}, - {\\\"id\\\": 249, \\\"title\\\": \\\"Regular Expression Denial of Service + \\\"http://localhost:8080/finding/234\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/234/\\\"}, + {\\\"id\\\": 237, \\\"title\\\": \\\"Regular Expression Denial of Service - (Fresh, < 0.5.2)\\\", \\\"severity\\\": 
\\\"Medium\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/249\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/249/\\\"}, - {\\\"id\\\": 250, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 + \\\"http://localhost:8080/finding/237\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/237/\\\"}, + {\\\"id\\\": 238, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"Medium\\\", - \\\"url_ui\\\": \\\"http://localhost:8080/finding/250\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/250/\\\"}], \\\"reactivated\\\": + \\\"url_ui\\\": \\\"http://localhost:8080/finding/238\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/238/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 247,\n \"severity\": \"High\",\n \"title\": + \ \"id\": 235,\n \"severity\": \"High\",\n \"title\": \"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/247/\",\n \"url_ui\": \"http://localhost:8080/finding/247\"\n - \ },\n {\n \"id\": 248,\n \"severity\": \"High\",\n + \"http://localhost:8080/api/v2/findings/235/\",\n \"url_ui\": \"http://localhost:8080/finding/235\"\n + \ },\n {\n \"id\": 236,\n \"severity\": \"High\",\n \ \"title\": \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 
|| >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= - 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/248/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/248\"\n },\n - \ {\n \"id\": 246,\n \"severity\": \"Medium\",\n \"title\": + 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/236/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/236\"\n },\n + \ {\n \"id\": 234,\n \"severity\": \"Medium\",\n \"title\": \"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/246/\",\n \"url_ui\": \"http://localhost:8080/finding/246\"\n - \ },\n {\n \"id\": 249,\n \"severity\": \"Medium\",\n + \"http://localhost:8080/api/v2/findings/234/\",\n \"url_ui\": \"http://localhost:8080/finding/234\"\n + \ },\n {\n \"id\": 237,\n \"severity\": \"Medium\",\n \ \"title\": \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/findings/249/\",\n \"url_ui\": - \"http://localhost:8080/finding/249\"\n },\n {\n \"id\": - 250,\n \"severity\": \"Medium\",\n \"title\": \"2222Remote + \ \"url_api\": \"http://localhost:8080/api/v2/findings/237/\",\n \"url_ui\": + \"http://localhost:8080/finding/237\"\n },\n {\n \"id\": + 238,\n \"severity\": \"Medium\",\n \"title\": \"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < - 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/250/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/250\"\n }\n ],\n + 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/238/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/238\"\n }\n ],\n \ 
\"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 95,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/95/\",\n - \ \"url_ui\": \"http://localhost:8080/test/95\"\n },\n \"title\": + 92,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/92/\",\n + \ \"url_ui\": \"http://localhost:8080/test/92\"\n },\n \"title\": \"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: - NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/95/\",\n - \ \"url_ui\": \"http://localhost:8080/test/95\",\n \"user\": null\n }\n}\n" + NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/92/\",\n + \ \"url_ui\": \"http://localhost:8080/test/92\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -224,7 +224,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Fri, 25 Jul 2025 19:02:56 GMT + - Tue, 04 Nov 2025 18:02:04 GMT Transfer-Encoding: - chunked status: 
@@ -244,17 +244,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:02:57.595+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:04.511+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 87e09610-cc06-4a8a-a197-0e9ce1263593 + - 84eb414d-a348-4388-8632-08caec20d928 Atl-Traceid: - - 87e09610cc064a8aa1970e9ce1263593 + - 84eb414da3484388863208caec20d928 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -264,7 +264,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:02:57 GMT + - Tue, 04 Nov 2025 18:02:04 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -274,7 +274,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=328,atl-edge;dur=323,atl-edge-internal;dur=14,atl-edge-upstream;dur=309,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="FQD4czgzlQ9F5YGvQGP7yj0lV5y5pAwBZB7XaNOg0qMzKGBIq2Xa3A==",cdn-downstream-fbl;dur=331 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=250,atl-edge;dur=227,atl-edge-internal;dur=13,atl-edge-upstream;dur=214,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="Gfcwv0to1yWDtbW7j2ULUXR1haCo_GCu4Cct8PTcUas_LkF20tC8eg==",cdn-downstream-fbl;dur=253 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -284,15 +284,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 902b6168cd46b8e2de576dabe4e7f0f8.cloudfront.net (CloudFront) + - 1.1 c11dc3a4786e038ddffb5e925a892302.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - FQD4czgzlQ9F5YGvQGP7yj0lV5y5pAwBZB7XaNOg0qMzKGBIq2Xa3A== + - Gfcwv0to1yWDtbW7j2ULUXR1haCo_GCu4Cct8PTcUas_LkF20tC8eg== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P3 X-Arequestid: - - c23d70909455da51af7da0dbd61404da + - ea35da2fcae8ee7faf589d20046347c8 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -316,7 +320,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
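Review bot: The re-recorded cassette keeps account-identifying data from the live Jira Cloud tenant unmasked, starting with the `X-Aaccountid` response header in the `@@ -284,15 +284,19 @@` hunk and repeated in the `@@ -362,18 +366,22 @@` and `@@ -474,15 +482,19 @@` hunks. The `@@ -506,32 +518,32 @@` hunk goes further: the recorded issue body carries `creator` and `reporter` objects with `accountId`, `emailAddress`, `displayName` and Gravatar-hash avatar URLs. This re-record swaps one maintainer's identity for another's, so every refresh commits the details of whoever ran the tests, while the echoed `Authorization` value is already masked as `Token xxx`. If no test asserts on these fields, scrub them at record time; assuming these are vcrpy cassettes, a `before_record_response` hook could replace the header value and rewrite the user objects to placeholders such as `"emailAddress":"user@example.invalid"` (constructed value). The cassette's file header is outside this chunk, so which test module configures the recorder cannot be confirmed from here.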
@@ -330,9 +334,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - b1a19c85-bff0-4945-b173-283a8bd53ba8 + - 74ad6563-7915-49c1-a310-525d8ad81ddf Atl-Traceid: - - b1a19c85bff04945b173283a8bd53ba8 + - 74ad6563791549c1a310525d8ad81ddf Cache-Control: - no-cache, no-store, no-transform Connection: @@ -342,7 +346,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:02:59 GMT + - Tue, 04 Nov 2025 18:02:05 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -352,7 +356,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=489,atl-edge;dur=486,atl-edge-internal;dur=15,atl-edge-upstream;dur=471,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="5-rw1PtU3FIpq8dtpbsC-bGhD0B43quh_X5uB7YTZ-RRZtD-ywLNvg==",cdn-downstream-fbl;dur=492 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=409,atl-edge;dur=387,atl-edge-internal;dur=17,atl-edge-upstream;dur=370,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="ERcuFkqXvhUWrBbjbx65xkdwuJ9CC7UCRONZbIMrGvFulq80JsAflg==",cdn-downstream-fbl;dur=414 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -362,18 +366,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 da84bd533f95bc21581ad9f33da5b73a.cloudfront.net (CloudFront) + - 1.1 d7b3fa0ef559ab3ac226fc78e47d311a.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 5-rw1PtU3FIpq8dtpbsC-bGhD0B43quh_X5uB7YTZ-RRZtD-ywLNvg== + - ERcuFkqXvhUWrBbjbx65xkdwuJ9CC7UCRONZbIMrGvFulq80JsAflg== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P1 X-Arequestid: - - af9afffbde195f59fc4dbedb0333868c + - 8320bc1f1ee4ae6b83bc30b3914118e0 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -387,20 +395,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified and + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -410,9 +418,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -432,21 +440,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3540' + - '3538' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"21268","key":"NTEST-3089","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268"}' + string: '{"id":"23615","key":"NTEST-3174","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615"}' headers: Atl-Request-Id: - - 78fb4eef-4458-4109-9bb0-df8773d2c147 + - fd86d71b-2e0b-414c-93bf-83227145a1f9 Atl-Traceid: - - 78fb4eef445841099bb0df8773d2c147 + - fd86d71b2e0b414c93bf83227145a1f9 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -454,7 +462,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:00 GMT + - Tue, 04 Nov 2025 18:02:06 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -464,7 +472,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=901,atl-edge;dur=895,atl-edge-internal;dur=15,atl-edge-upstream;dur=880,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="StrjBrHSWCvNqr8OI1ytGk1aPN-7X4_XoZKbH3j4tp7rA5CiR84NKw==",cdn-downstream-fbl;dur=904 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=854,atl-edge;dur=832,atl-edge-internal;dur=16,atl-edge-upstream;dur=815,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="f2xEZR96D6xpQ9OomNDKv3lfWsjZhVty-qF1wdICuCwfC0l5iO0TuQ==",cdn-downstream-fbl;dur=859 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -474,15 +482,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 4ec881b9cff95ab6b1f20a72ee8404c4.cloudfront.net (CloudFront) + - 1.1 96b078df4a5d96ad3cc52cfe9d984774.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - StrjBrHSWCvNqr8OI1ytGk1aPN-7X4_XoZKbH3j4tp7rA5CiR84NKw== + - f2xEZR96D6xpQ9OomNDKv3lfWsjZhVty-qF1wdICuCwfC0l5iO0TuQ== X-Amz-Cf-Pop: - - SYD3-P2 + - DEN52-P1 X-Arequestid: - - 9e58b841e389843ef81eb21c4222b6d5 + - 1ce41d39aece41fe84b44e5ce0cc8d06 + X-Beta-Ratelimit-Limit: + - '200' + X-Beta-Ratelimit-Remaining: + - '199' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -506,32 +518,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -541,9 +553,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -553,12 +565,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 688e55f3-3299-470b-9150-2d0dc672cc34 + - 96839452-3336-4f57-8765-9c56c75eeac2 Atl-Traceid: - - 688e55f33299470b91502d0dc672cc34 + - 9683945233364f5787659c56c75eeac2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -568,7 +580,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:02 GMT + - Tue, 04 Nov 2025 18:02:06 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -578,7 +590,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=406,atl-edge;dur=404,atl-edge-internal;dur=15,atl-edge-upstream;dur=389,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="brH9xqsPkfS-JMNJkxvM4Eu8lhNhdl202zBRFUvZadcrq-TUP29tHA==",cdn-downstream-fbl;dur=410 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=280,atl-edge;dur=257,atl-edge-internal;dur=18,atl-edge-upstream;dur=240,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="0k39cfEPK8vpFSYLsBoMQwFrZviUH94jg3gHiPyLSBzhW3kDLCTrJg==",cdn-downstream-fbl;dur=284 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -588,15 +600,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f10eedb52fc0d82204e85d20112deafa.cloudfront.net (CloudFront) + - 1.1 f6327093dd59f54131617ea3ab04bd94.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - brH9xqsPkfS-JMNJkxvM4Eu8lhNhdl202zBRFUvZadcrq-TUP29tHA== + - 0k39cfEPK8vpFSYLsBoMQwFrZviUH94jg3gHiPyLSBzhW3kDLCTrJg== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P2 X-Arequestid: - - e7edb0b415127803592cbc45a7e5a4b5 + - ec452c2a04c8d88d082d8c4db2d5cb8d + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -620,32 +636,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -655,9 +671,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
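Review bot: The re-recorded response body in the `@@ -620,32 +636,32 @@` hunk commits a real account's `emailAddress`, `accountId` and Gravatar hash inside the `creator` and `reporter` objects. The `X-Aaccountid` response header in the neighbouring header hunks stores the same account id. The file looks like a recorded HTTP cassette, so every re-record replaces one person's identifiers with another's. If the tests do not assert on these fields, scrub them at record time; assuming this is a vcrpy cassette, a `before_record_response` hook could rewrite them to placeholders such as `"emailAddress":"user@example.invalid"` and drop `X-Aaccountid`. The identical body in the `@@ -806,32 +830,32 @@` hunk has the same issue, and the fix belongs in the recorder configuration rather than in this generated file.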
@@ -667,12 +683,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 1a96f827-aca4-410c-9d88-cb4b590df03f + - 698ab61c-4988-460f-a848-47aafb0030f7 Atl-Traceid: - - 1a96f827aca4410c9d88cb4b590df03f + - 698ab61c4988460fa84847aafb0030f7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -682,7 +698,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:03 GMT + - Tue, 04 Nov 2025 18:02:06 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -692,7 +708,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=416,atl-edge;dur=414,atl-edge-internal;dur=15,atl-edge-upstream;dur=399,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="QYhhYlfMA88IBYFaanzvO1AzOkF3jK6afwEtjrUFo4rC49Y3yQSNuQ==",cdn-downstream-fbl;dur=420 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=401,atl-edge;dur=313,atl-edge-internal;dur=20,atl-edge-upstream;dur=292,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="vWi3EdHtOzg-Tp1ak4kNRPHt2UOn5LuhJDXy-eZFyqWiJUUWu76_Cw==",cdn-downstream-fbl;dur=406 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -702,15 +718,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0e61cdf08a154ac7d647c2dc742467a6.cloudfront.net (CloudFront) + - 1.1 5a94950aa5895e56460f82b3086d0b0c.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - QYhhYlfMA88IBYFaanzvO1AzOkF3jK6afwEtjrUFo4rC49Y3yQSNuQ== + - vWi3EdHtOzg-Tp1ak4kNRPHt2UOn5LuhJDXy-eZFyqWiJUUWu76_Cw== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P1 X-Arequestid: - - 5d9509d79ab893f6881f5000dc38a104 + - 9ff91c9d4335bf63a04a9a6dd144022c + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -734,17 +754,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:04.581+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:07.222+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - ea32309e-c226-4a0d-b73a-d960e218569d + - 70955815-9d28-48cf-90e9-669e3d4bc0a7 Atl-Traceid: - - ea32309ec2264a0db73ad960e218569d + - 709558159d2848cf90e9669e3d4bc0a7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -754,7 +774,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:04 GMT + - Tue, 04 Nov 2025 18:02:07 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -764,7 +784,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=325,atl-edge;dur=323,atl-edge-internal;dur=15,atl-edge-upstream;dur=308,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="iswaYNMh8YudWTH9CQuiAXVW5BQH16sonjXQLLCn_taBkBMCmwsSKw==",cdn-downstream-fbl;dur=329 + - cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="Qa9URLPaMa6ikMG2OW5Rg29O7Nnbx0ui3Bddg1weVHvUdq2vNauS9A==",cdn-downstream-fbl;dur=270,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=67,cdn-upstream-fbl;dur=267,atl-edge;dur=176,atl-edge-internal;dur=20,atl-edge-upstream;dur=155,atl-edge-pop;desc="aws-us-west-2" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -774,15 +794,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 74ae22067fef6f6228fb9f864f22f58a.cloudfront.net (CloudFront) + - 1.1 949f831c3bb70b840d7eecaeb220bbfa.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - iswaYNMh8YudWTH9CQuiAXVW5BQH16sonjXQLLCn_taBkBMCmwsSKw== + - Qa9URLPaMa6ikMG2OW5Rg29O7Nnbx0ui3Bddg1weVHvUdq2vNauS9A== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P3 X-Arequestid: - - e270fcc6792d3ffa51e7e8ad9e9c8d84 + - 42d62cd510d79b6ffb0403234017575a + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -806,32 +830,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -841,9 +865,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
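Review bot: The re-recorded response body in the `@@ -806,32 +830,32 @@` hunk commits the recording account's `emailAddress`, `accountId`, `displayName` and Gravatar hash verbatim. The same body is repeated in the `@@ -992,32 +1024,32 @@` hunk, and the same account id appears in the `X-Aaccountid` response header of the header hunks. Test fixtures in a public repository should not carry real user identifiers, so scrub them at record time instead of hand-editing each cassette. If these cassettes are recorded with vcrpy, which the `interactions:` layout suggests, a `before_record_response` hook can rewrite those JSON fields and drop `X-Aaccountid`. The stored values would then read like `"emailAddress":"jira-test-user@example.invalid"` (constructed placeholder). The `string:` value continues past the end of this hunk, so any other fields in the remainder of the body need the same check.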
@@ -853,12 +877,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - ae00100f-4d11-40e9-9932-15d9021e6759 + - fb011005-80a3-4d39-8537-813dddbd6615 Atl-Traceid: - - ae00100f4d1140e9993215d9021e6759 + - fb01100580a34d398537813dddbd6615 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -868,7 +892,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:06 GMT + - Tue, 04 Nov 2025 18:02:07 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -878,7 +902,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=420,atl-edge;dur=418,atl-edge-internal;dur=15,atl-edge-upstream;dur=403,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="bgetvlO4WpCinB-heDQIha0uuofhS5EorQlJE9ou15CELKr1QTCrjg==",cdn-downstream-fbl;dur=423 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=419,atl-edge;dur=331,atl-edge-internal;dur=21,atl-edge-upstream;dur=308,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="8vx7EoxVuI99a62P5Tr9aCsgWdh7eUfOB7jOs-9OtyVtTB-tPqHKsQ==",cdn-downstream-fbl;dur=423 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -888,15 +912,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 aebce22763fb7e32a807cd494884a9b4.cloudfront.net (CloudFront) + - 1.1 05fe6f95b77eb54d0691950915c27264.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - bgetvlO4WpCinB-heDQIha0uuofhS5EorQlJE9ou15CELKr1QTCrjg== + - 8vx7EoxVuI99a62P5Tr9aCsgWdh7eUfOB7jOs-9OtyVtTB-tPqHKsQ== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN52-P2 X-Arequestid: - - b39c817f7c2df536c188eac2e9f8726c + - 0faee4be973ae5ac859f02e5d753201d + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -920,17 +948,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:07.128+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:08.101+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 537537da-de60-458a-ac4b-eeb5dfbdf818 + - 3e93b632-404f-4c97-8b5e-e53e89385eb3 Atl-Traceid: - - 537537dade60458aac4beeb5dfbdf818 + - 3e93b632404f4c978b5ee53e89385eb3 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -940,7 +968,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:07 GMT + - Tue, 04 Nov 2025 18:02:08 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -950,7 +978,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=326,atl-edge;dur=323,atl-edge-internal;dur=16,atl-edge-upstream;dur=307,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="SiwlZ_K47ZgS_TQfpdkxeGBcmidrzFLppMLZ1O6VQrZAeiJNt_i62w==",cdn-downstream-fbl;dur=329 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=202,atl-edge;dur=177,atl-edge-internal;dur=16,atl-edge-upstream;dur=162,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="etpLicu7TQewaNacytUJJrOszSnNNDLK7WvjA_YA-cV4iTRd1ndbdw==",cdn-downstream-fbl;dur=206 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -960,15 +988,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 490b2d87256587a734fcd39d5d6c7392.cloudfront.net (CloudFront) + - 1.1 ba437ea2340585e48bd8901315998164.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - SiwlZ_K47ZgS_TQfpdkxeGBcmidrzFLppMLZ1O6VQrZAeiJNt_i62w== + - etpLicu7TQewaNacytUJJrOszSnNNDLK7WvjA_YA-cV4iTRd1ndbdw== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P2 X-Arequestid: - - aabd7033d76f62ed7a5419ff8d04a289 + - c57807bdcb2be629f110daeee436bb9a + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -992,32 +1024,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1027,9 +1059,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1039,12 +1071,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 7702705d-9d33-4baf-9ece-59fc4749fcd1 + - acb193c1-a63a-4ad8-906e-c872eb0eafa9 Atl-Traceid: - - 7702705d9d334baf9ece59fc4749fcd1 + - acb193c1a63a4ad8906ec872eb0eafa9 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1054,7 +1086,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:08 GMT + - Tue, 04 Nov 2025 18:02:08 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1064,7 +1096,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=410,atl-edge;dur=409,atl-edge-internal;dur=15,atl-edge-upstream;dur=394,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="GjkZNDPUB0D2uY39X0UH-2FysELkAuiNFnN8WHIYURAWumMzxTwUbg==",cdn-downstream-fbl;dur=414 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=512,atl-edge;dur=420,atl-edge-internal;dur=17,atl-edge-upstream;dur=400,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="Cc5h3Hl1bFI6KVrRPSVLXFG78TNyB1Mo3IfEMiKwiVqQpwgL1ekbug==",cdn-downstream-fbl;dur=515 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1074,15 +1106,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 903696f43fdfc4019d7102b6711e9fca.cloudfront.net (CloudFront) + - 1.1 38eee5097e81ef860ba8d4b144d6ea36.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - GjkZNDPUB0D2uY39X0UH-2FysELkAuiNFnN8WHIYURAWumMzxTwUbg== + - Cc5h3Hl1bFI6KVrRPSVLXFG78TNyB1Mo3IfEMiKwiVqQpwgL1ekbug== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P2 X-Arequestid: - - 785d746ed3b15ff24479c5dd7c6bec74 + - dd075a25136f284c01fa591892a8c618 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '396' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -1106,7 +1142,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
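Review bot: The re-recorded cassette stores account-identifying data: the `X-Aaccountid` response header added in the `@@ -1074,15 +1106,19 @@` hunk carries a bare Atlassian account id, and the hunk starting at `@@ -1294,32 +1338,32 @@` records the same id next to a real `emailAddress` in the `creator` and `reporter` objects of the response body. The header recurs in the hunks at `@@ -1152,18 +1188,22 @@`, `@@ -1262,15 +1302,19 @@` and `@@ -1376,15 +1420,19 @@`. The tests presumably do not assert on these values, so they are better scrubbed at record time than committed. If the cassettes are recorded with vcrpy, a `before_record_response` hook can replace the header and the `emailAddress`/`accountId` fields with constructed placeholders such as `user@example.com`. The recording configuration is not visible in this diff, so confirm whether such a filter already exists and was skipped for this re-record.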
@@ -1120,9 +1156,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - e1b066b2-c949-4acc-82ed-0c487d9ec2f4 + - 0b828255-2c3d-4429-b94f-a2a8529253f1 Atl-Traceid: - - e1b066b2c9494acc82ed0c487d9ec2f4 + - 0b8282552c3d4429b94fa2a8529253f1 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1132,7 +1168,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:09 GMT + - Tue, 04 Nov 2025 18:02:09 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1142,7 +1178,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=476,atl-edge;dur=473,atl-edge-internal;dur=18,atl-edge-upstream;dur=456,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="igD7knl5DbuQ5ZfHiFTeeiisYeMlDdQOoONo6UI1z_cCPXBGylTEyA==",cdn-downstream-fbl;dur=480 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=456,atl-edge;dur=366,atl-edge-internal;dur=19,atl-edge-upstream;dur=346,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="SYgu4cfSX83fpR2L6ikLwZgVbmPxx8DWaN23u1pJ3jQkBs93fJ4rHQ==",cdn-downstream-fbl;dur=461 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1152,18 +1188,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0462a83c1b4a9fa5a2554db6feb3a19c.cloudfront.net (CloudFront) + - 1.1 89771419757f75b08f6c8fd411f8ef54.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - igD7knl5DbuQ5ZfHiFTeeiisYeMlDdQOoONo6UI1z_cCPXBGylTEyA== + - SYgu4cfSX83fpR2L6ikLwZgVbmPxx8DWaN23u1pJ3jQkBs93fJ4rHQ== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P1 X-Arequestid: - - 12b5a3b051873b10044beee8f7c093ae + - 946843fc13402b91740f85fc0d144693 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1177,20 +1217,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified and + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1200,9 +1240,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1222,21 +1262,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3554' + - '3552' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - 64604dff-de45-4e77-bb48-a55ab83f3408 + - 1b62f2cc-df65-4434-b86c-65327d48692c Atl-Traceid: - - 64604dffde454e77bb48a55ab83f3408 + - 1b62f2ccdf654434b86c65327d48692c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1244,7 +1284,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:11 GMT + - Tue, 04 Nov 2025 18:02:09 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1254,7 +1294,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=489,atl-edge;dur=482,atl-edge-internal;dur=14,atl-edge-upstream;dur=468,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="JdwyDugc3eQLpH6fm9nCuvuWXXpt4CIzYCs20pxu0oTxfN6-JyUubQ==",cdn-downstream-fbl;dur=492 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=435,atl-edge;dur=409,atl-edge-internal;dur=17,atl-edge-upstream;dur=392,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="pkPSgUhZnEDVvSzTho9jSU3DkHyXp5Qk0olAlRnMksJcU_Wv0CL-3Q==",cdn-downstream-fbl;dur=439 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1262,15 +1302,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 de78b5b2f4bbd9bb1abd6bed27a85d78.cloudfront.net (CloudFront) + - 1.1 708370555615eac6a25379c04fbdd8ea.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - JdwyDugc3eQLpH6fm9nCuvuWXXpt4CIzYCs20pxu0oTxfN6-JyUubQ== + - pkPSgUhZnEDVvSzTho9jSU3DkHyXp5Qk0olAlRnMksJcU_Wv0CL-3Q== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P3 X-Arequestid: - - 0e0fd4a41d509e65190567a369b3d2f8 + - be8eb4961a4102d8ade8937be8e4b8f6 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1294,32 +1338,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1329,9 +1373,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1341,12 +1385,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - aeb3ebbc-ad55-4022-ac2e-78ea464a916a + - 4c02c32a-927c-46ac-b551-1ac15ac5f1bc Atl-Traceid: - - aeb3ebbcad554022ac2e78ea464a916a + - 4c02c32a927c46acb5511ac15ac5f1bc Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1356,7 +1400,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:13 GMT + - Tue, 04 Nov 2025 18:02:10 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1366,7 +1410,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=912,atl-edge;dur=910,atl-edge-internal;dur=14,atl-edge-upstream;dur=896,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="7XHZZP5H0xBAkolpWjvQ9kfqQYYIxMGSsdU4QP3U7K7g9fvkTSu2SA==",cdn-downstream-fbl;dur=916 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=307,atl-edge;dur=283,atl-edge-internal;dur=19,atl-edge-upstream;dur=263,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="limXlHkur7WkBoc__dXe5Z7lMUJXTEvbQsB-cjBcViHkB8Pnf9J2XA==",cdn-downstream-fbl;dur=310 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1376,15 +1420,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e3d6764a647541ed814ff5842b8b1476.cloudfront.net (CloudFront) + - 1.1 76f2e1e449c547c66904d58101f10ea6.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 7XHZZP5H0xBAkolpWjvQ9kfqQYYIxMGSsdU4QP3U7K7g9fvkTSu2SA== + - limXlHkur7WkBoc__dXe5Z7lMUJXTEvbQsB-cjBcViHkB8Pnf9J2XA== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P2 X-Arequestid: - - 126a2cfadcb8fce8b755f69b40e68012 + - 531933026dbce014e7494f0296ce64df + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1408,17 +1456,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:14.239+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:10.471+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 44087460-6f19-49f2-99b5-bde754b78559 + - 22ded4a6-f69f-47ef-ab07-3196ad878fb3 Atl-Traceid: - - 440874606f1949f299b5bde754b78559 + - 22ded4a6f69f47efab073196ad878fb3 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1428,7 +1476,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:14 GMT + - Tue, 04 Nov 2025 18:02:10 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1438,7 +1486,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=341,atl-edge;dur=339,atl-edge-internal;dur=13,atl-edge-upstream;dur=326,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="26edOcy7Kxo0DyMfI9EUcHRgupdK4HKkmjm2DohsqEoH7900YiC9ug==",cdn-downstream-fbl;dur=345 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=213,atl-edge;dur=190,atl-edge-internal;dur=17,atl-edge-upstream;dur=173,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="hreyU7MUxxAXKkDe_ZyotpsDIUFD2mCeMLKLsiI-g882Ythw-xmQJw==",cdn-downstream-fbl;dur=217 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1448,15 +1496,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 237cbfb8cde372b8f33bda5565e9b52c.cloudfront.net (CloudFront) + - 1.1 b86386058101394cf48b049b58f8d788.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 26edOcy7Kxo0DyMfI9EUcHRgupdK4HKkmjm2DohsqEoH7900YiC9ug== + - hreyU7MUxxAXKkDe_ZyotpsDIUFD2mCeMLKLsiI-g882Ythw-xmQJw== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P1 X-Arequestid: - - 4145c4e9c8c75a255f7163541629a4c0 + - 8402396b323202bf7f468f30dc19b8bc + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1480,32 +1532,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1515,9 +1567,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
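Review bot: The re-recorded response body in the `@@ -1480,32 +1532,32 @@` hunk stores a real maintainer's `emailAddress`, `accountId`, `displayName` and Gravatar hash in the `creator` and `reporter` objects. The same account id is committed again in the `X-Aaccountid` response header of the neighbouring header hunks and in the later `GET .../issue/23615` recording. Nothing visible here suggests the tests depend on those values, so they could be replaced at record time, for example in a vcrpy `before_record_response` hook, leaving placeholders such as `"emailAddress":"redacted@example.invalid"` and `"accountId":"REDACTED"` in the cassette. Whether such a hook is already configured is not visible from this diff. The hook could also drop per-request headers (`Atl-Request-Id`, `X-Amz-Cf-Id`, `Server-Timing`, `X-Beta-Ratelimit-*`) so that a re-record only changes lines that matter. The recorded body string continues past this hunk.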
@@ -1527,12 +1579,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 3da11bd3-a8aa-4b1e-961d-5d6a4ef1b8ad + - eb2e2e11-5982-4940-90a2-008f1c3c2118 Atl-Traceid: - - 3da11bd3a8aa4b1e961d5d6a4ef1b8ad + - eb2e2e115982494090a2008f1c3c2118 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1542,7 +1594,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:15 GMT + - Tue, 04 Nov 2025 18:02:10 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1552,7 +1604,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=408,atl-edge;dur=406,atl-edge-internal;dur=15,atl-edge-upstream;dur=391,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="GJ1_LXZe2jcn2sAWqNq6nOhGBiFv7Lwbp49upI5EyXAtmI0IR3hPzw==",cdn-downstream-fbl;dur=413 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=337,atl-edge;dur=314,atl-edge-internal;dur=33,atl-edge-upstream;dur=278,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="UTGgSNcbBEZ9gXBOrJFZpWjFi-FCeAaLxs0caWpPW2OScGY8fzkJrQ==",cdn-downstream-fbl;dur=341 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1562,15 +1614,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 30a845a852b74a2965aabbcb6034301e.cloudfront.net (CloudFront) + - 1.1 77dfdef79344c95f75de8512042d4bac.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - GJ1_LXZe2jcn2sAWqNq6nOhGBiFv7Lwbp49upI5EyXAtmI0IR3hPzw== + - UTGgSNcbBEZ9gXBOrJFZpWjFi-FCeAaLxs0caWpPW2OScGY8fzkJrQ== X-Amz-Cf-Pop: - - SYD3-P2 + - DEN53-P1 X-Arequestid: - - 5d52321a767cb4de97d53a23c73f19ac + - 598e1c541f46b55e14ff1d61b301538f + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1594,17 +1650,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:16.721+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:11.127+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 385a7b5f-a896-46ea-861f-30162f3a67d7 + - 12aafee7-dbee-4176-9d25-3b5f6c24c890 Atl-Traceid: - - 385a7b5fa89646ea861f30162f3a67d7 + - 12aafee7dbee41769d253b5f6c24c890 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1614,7 +1670,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:16 GMT + - Tue, 04 Nov 2025 18:02:11 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1624,7 +1680,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=322,atl-edge;dur=320,atl-edge-internal;dur=13,atl-edge-upstream;dur=306,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="iGMFuHs3UcPPfcXVeuZOSQKlyIpjMb3IbpIngT6jpypm5nloql_PoA==",cdn-downstream-fbl;dur=325 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=208,atl-edge;dur=185,atl-edge-internal;dur=15,atl-edge-upstream;dur=168,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="_svgmad-2g87POgHOFQA_8eWqA5tfzydFB8_JkkOl9ux0Q-34y3OjA==",cdn-downstream-fbl;dur=211 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1634,15 +1690,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront) + - 1.1 b93403e5b15ed21bc6e80b8108e9d988.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - iGMFuHs3UcPPfcXVeuZOSQKlyIpjMb3IbpIngT6jpypm5nloql_PoA== + - _svgmad-2g87POgHOFQA_8eWqA5tfzydFB8_JkkOl9ux0Q-34y3OjA== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P3 X-Arequestid: - - d501984a1f5c179f63b570c8cff6aff9 + - 52936e1b6d5a4a947debcbeef38be0ea + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1666,32 +1726,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1701,9 +1761,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1713,12 +1773,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 4d3525f2-cfba-40aa-8487-414ba066e229 + - bdb80fe7-822d-4055-8cf4-79b2a6a048ed Atl-Traceid: - - 4d3525f2cfba40aa8487414ba066e229 + - bdb80fe7822d40558cf479b2a6a048ed Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1728,7 +1788,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:18 GMT + - Tue, 04 Nov 2025 18:02:11 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1738,7 +1798,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=416,atl-edge;dur=414,atl-edge-internal;dur=15,atl-edge-upstream;dur=399,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="hVJwmez2KjuGpj1j-tmMhS0L_kAl6bMq7WZYKBvwWqG-8Ca55801Pw==",cdn-downstream-fbl;dur=421 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=306,atl-edge;dur=283,atl-edge-internal;dur=20,atl-edge-upstream;dur=263,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="bfc6kJYAadYp7um0y2GJYsSrrBUBQxPUIYhtfO4E9sEaAs36Ts9M_Q==",cdn-downstream-fbl;dur=310 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1748,15 +1808,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 df166554184adf2da43f53000107ac74.cloudfront.net (CloudFront) + - 1.1 66fbb9efab6146079af1497f336edf9e.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - hVJwmez2KjuGpj1j-tmMhS0L_kAl6bMq7WZYKBvwWqG-8Ca55801Pw== + - bfc6kJYAadYp7um0y2GJYsSrrBUBQxPUIYhtfO4E9sEaAs36Ts9M_Q== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P3 X-Arequestid: - - a7598c5300d79123926b88c4dab487ca + - 7d73a15af779a11b3d3b75d217ad163c + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1780,17 +1844,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:19.275+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:12.083+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 1bd2d2c7-b0f5-4c28-a1ef-35147d370824 + - d0276e3b-06fb-4b2c-a97c-7cb59d11d3e1 Atl-Traceid: - - 1bd2d2c7b0f54c28a1ef35147d370824 + - d0276e3b06fb4b2ca97c7cb59d11d3e1 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1800,7 +1864,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:19 GMT + - Tue, 04 Nov 2025 18:02:12 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1810,7 +1874,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=321,atl-edge;dur=319,atl-edge-internal;dur=14,atl-edge-upstream;dur=306,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="-sdZnGVD8REvkTR7KNeUEeB4BSBZlEUUfHbgJ8sojFxoz8ZDK_-zIQ==",cdn-downstream-fbl;dur=326 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=499,atl-edge;dur=410,atl-edge-internal;dur=19,atl-edge-upstream;dur=390,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="tIKRicT5RfAyIWF7PXHG8sRuaA_osVKZZ0KCu7taydD0uT0RLKQ94w==",cdn-downstream-fbl;dur=504 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1820,15 +1884,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1d3e75fe2262e8a6f4a318b2bf3e6570.cloudfront.net (CloudFront) + - 1.1 93a2323067b2c60f3b86c822765cf3d2.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - -sdZnGVD8REvkTR7KNeUEeB4BSBZlEUUfHbgJ8sojFxoz8ZDK_-zIQ== + - tIKRicT5RfAyIWF7PXHG8sRuaA_osVKZZ0KCu7taydD0uT0RLKQ94w== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P3 X-Arequestid: - - 8eb4360214015ef34f88a0734f4ab22b + - f805233f74018ed4e5cc5b5b7ad65133 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '347' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1852,32 +1920,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1887,9 +1955,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
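Review bot: The re-recorded response body in this hunk stores the recording account's `emailAddress`, `accountId` and `displayName` in the `creator` and `reporter` objects, and the header hunks around it (for example `@@ -1934,15 +2002,19 @@`) store the same account id under `X-Aaccountid`. Nothing visible here suggests the tests assert on these values, so they could be replaced at record time with fixed placeholders such as `"emailAddress":"<redacted>"`, with `X-Aaccountid` dropped before the cassette is written. If this is a vcrpy cassette, as the `interactions:` / `response:` / `body: string:` layout suggests, a `before_record_response` hook is the place for that. Scrubbing once in the recorder would also stop these lines changing on every re-recording just because a different maintainer ran it.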
@@ -1899,12 +1967,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - a11e7b22-1506-4f68-b366-60cc50e7625f + - 59d3740d-9752-4be3-9634-0bd5846bc0b8 Atl-Traceid: - - a11e7b2215064f68b36660cc50e7625f + - 59d3740d97524be396340bd5846bc0b8 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1914,7 +1982,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:20 GMT + - Tue, 04 Nov 2025 18:02:12 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1924,7 +1992,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=425,atl-edge;dur=422,atl-edge-internal;dur=16,atl-edge-upstream;dur=406,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="0y1t7sSdxZsdjd27ph58eUlxzNXWdCFkLtCrdFZ_v-nx2S-E-xO-ug==",cdn-downstream-fbl;dur=428 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=371,atl-edge;dur=282,atl-edge-internal;dur=18,atl-edge-upstream;dur=262,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="xFq9uPMG9CRshuqmTO_vuiDuItFsogLXAV-C2PAqci9nA2gcZl1uzw==",cdn-downstream-fbl;dur=375 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1934,15 +2002,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 fbd92e37686376c632f471bbca198756.cloudfront.net (CloudFront) + - 1.1 3349382fe72101eee491170c132b7e3c.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 0y1t7sSdxZsdjd27ph58eUlxzNXWdCFkLtCrdFZ_v-nx2S-E-xO-ug== + - xFq9uPMG9CRshuqmTO_vuiDuItFsogLXAV-C2PAqci9nA2gcZl1uzw== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P2 X-Arequestid: - - 03cc010086db094fa891f5284c58be24 + - 9e2b1a834627751bcce4a3515ab37072 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -1966,7 +2038,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -1980,9 +2052,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - c09de42c-7ecc-4d01-ac0b-683f990b7128 + - cafbc97b-52fb-4e81-8877-4b260e9a9749 Atl-Traceid: - - c09de42c7ecc4d01ac0b683f990b7128 + - cafbc97b52fb4e8188774b260e9a9749 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1992,7 +2064,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:22 GMT + - Tue, 04 Nov 2025 18:02:13 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2002,7 +2074,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=476,atl-edge;dur=475,atl-edge-internal;dur=13,atl-edge-upstream;dur=461,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="mAL0n6QKIMQbz5GD_TXUITcWeJ7LVTa623bo2f3sl6Zz5LpxO_0Gkg==",cdn-downstream-fbl;dur=480 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=527,atl-edge;dur=437,atl-edge-internal;dur=18,atl-edge-upstream;dur=419,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="xkl-rAU1Om3tF4GT58NRciQiHy4DFZJFh_5kJ_JCDOCy8J_cqG6JGw==",cdn-downstream-fbl;dur=532 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2012,18 +2084,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5e473a5e64c6a2f7bc916721cc188252.cloudfront.net (CloudFront) + - 1.1 73ad00d68a5eb9671b517ae19c83ae52.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - mAL0n6QKIMQbz5GD_TXUITcWeJ7LVTa623bo2f3sl6Zz5LpxO_0Gkg== + - xkl-rAU1Om3tF4GT58NRciQiHy4DFZJFh_5kJ_JCDOCy8J_cqG6JGw== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P3 X-Arequestid: - - 0f840bcf24ad92eeb2bf4feb169f09c8 + - e5e3222a3cfcd273504ab373d6c94703 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2037,20 +2113,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified and + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2060,9 +2136,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2082,21 +2158,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3554' + - '3552' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - b1780642-f400-40a0-bf64-e32312a96e7f + - 66d8b50b-2e60-4ae5-b631-8142958d28eb Atl-Traceid: - - b1780642f40040a0bf64e32312a96e7f + - 66d8b50b2e604ae5b6318142958d28eb Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2104,7 +2180,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:23 GMT + - Tue, 04 Nov 2025 18:02:13 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2114,7 +2190,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=500,atl-edge;dur=499,atl-edge-internal;dur=14,atl-edge-upstream;dur=484,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="yHVc2YXatcUeiDtzFIRWHyZpAssPQTkkQ30rpbqixd68PfLs3Z-1Vw==",cdn-downstream-fbl;dur=505 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=393,atl-edge;dur=368,atl-edge-internal;dur=18,atl-edge-upstream;dur=350,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="EW4e3c6E25wWQjSlzbFn5GdaTZGWtIddAqyc4QfQFDZjmij7nH0Mkw==",cdn-downstream-fbl;dur=399 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2122,15 +2198,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c7cd0041811f30bfd9c4a00e82b6a3c8.cloudfront.net (CloudFront) + - 1.1 25c0c572fef0588285c0d89bc75071be.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - yHVc2YXatcUeiDtzFIRWHyZpAssPQTkkQ30rpbqixd68PfLs3Z-1Vw== + - EW4e3c6E25wWQjSlzbFn5GdaTZGWtIddAqyc4QfQFDZjmij7nH0Mkw== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P2 X-Arequestid: - - 346ddea5a2724d932e384246a0bd8cd1 + - dc66bb1bf21005c8f9d7345f28888df8 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2154,32 +2234,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2189,9 +2269,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
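Review bot: The re-recorded response body in this hunk stores the recording user's Jira identity in clear: the `emailAddress`, `displayName`, `accountId` and gravatar hash inside `creator` and `reporter`, so each re-record commits the details of whoever ran the tests. The same values appear in the `X-Aaccountid` response header in the header hunks and in the second `GET .../issue/23615` hunk that follows. The cassette layout looks like vcrpy's, so I would scrub at record time rather than by hand, with a `before_record_response` hook that rewrites those JSON fields to fixed placeholders and drops `X-Aaccountid`; that would also stop these values churning on every re-record. The recorder configuration is outside this diff, so please confirm where it lives and whether the request side already filters `Authorization`.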
@@ -2201,12 +2281,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 734a9b45-56be-4d2d-a7f2-6f4c8b0c4373 + - 0aa75647-dc46-4f8c-b999-89f1ed7950e2 Atl-Traceid: - - 734a9b4556be4d2da7f26f4c8b0c4373 + - 0aa75647dc464f8cb99989f1ed7950e2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2216,7 +2296,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:24 GMT + - Tue, 04 Nov 2025 18:02:14 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2226,7 +2306,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=409,atl-edge;dur=406,atl-edge-internal;dur=14,atl-edge-upstream;dur=392,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="qosadCarX-6YHbcDTlnseU0M5nyf0G-SQdZQ8Nxp8SKhlkSwGoZuwg==",cdn-downstream-fbl;dur=412 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=471,atl-edge;dur=380,atl-edge-internal;dur=21,atl-edge-upstream;dur=359,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="lDDyxIeawTp0JNd1mxgqAQPS9NWCu9LafnFb2EcPN0F-CjiiHxSTuQ==",cdn-downstream-fbl;dur=474 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2236,15 +2316,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 7bda591fa44b42ef6384ae955fdd5d7c.cloudfront.net (CloudFront) + - 1.1 c29cc996206d7483aa0efdd00191d936.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - qosadCarX-6YHbcDTlnseU0M5nyf0G-SQdZQ8Nxp8SKhlkSwGoZuwg== + - lDDyxIeawTp0JNd1mxgqAQPS9NWCu9LafnFb2EcPN0F-CjiiHxSTuQ== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P1 X-Arequestid: - - c13b6667dc3c1cba83a18bb106e14fd8 + - 20be13273370706533068faf479a6a7f + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2268,17 +2352,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:25.880+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:14.438+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - dc93a941-b162-4ad7-8444-a10a6e89dbe0 + - ff86994c-3756-404b-a894-11ee1fcd0b5a Atl-Traceid: - - dc93a941b1624ad78444a10a6e89dbe0 + - ff86994c3756404ba89411ee1fcd0b5a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2288,7 +2372,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:26 GMT + - Tue, 04 Nov 2025 18:02:14 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2298,7 +2382,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=316,atl-edge;dur=314,atl-edge-internal;dur=14,atl-edge-upstream;dur=300,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="eMnihDSSW0z_Y93Q4hhhyB3jTqdSZNrsEyZC72vswzNqcdEKikTlJA==",cdn-downstream-fbl;dur=319 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=197,atl-edge;dur=174,atl-edge-internal;dur=14,atl-edge-upstream;dur=160,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="AM7_bpFecKj_cGFzk9tVe6NWJqkc2v00rXUInWnZZmXlXFuJxy2uBQ==",cdn-downstream-fbl;dur=200 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2308,15 +2392,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e3b6a2cc8a3456f4a2dc3bfd506c4344.cloudfront.net (CloudFront) + - 1.1 0ecc9d4faf14441bafb84971a4117abc.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - eMnihDSSW0z_Y93Q4hhhyB3jTqdSZNrsEyZC72vswzNqcdEKikTlJA== + - AM7_bpFecKj_cGFzk9tVe6NWJqkc2v00rXUInWnZZmXlXFuJxy2uBQ== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P2 X-Arequestid: - - 5c6280e3c2d23adb4d779cea49403270 + - 33c13ab7c3c77c36ed590668cb5e2b5e + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2340,32 +2428,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2375,9 +2463,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2387,12 +2475,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - fcb574a4-8cf4-4875-a147-dfa682e4546e + - 9f81f68a-63bc-4ec4-ac0c-db8cda2b9aa4 Atl-Traceid: - - fcb574a48cf44875a147dfa682e4546e + - 9f81f68a63bc4ec4ac0cdb8cda2b9aa4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2402,7 +2490,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:27 GMT + - Tue, 04 Nov 2025 18:02:14 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2412,7 +2500,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=413,atl-edge;dur=411,atl-edge-internal;dur=17,atl-edge-upstream;dur=394,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="OD5dm0zurXC1ovFJVWDSjBg4Sb_DgnHJCnuYba2aJ04Op8BPaKjXvw==",cdn-downstream-fbl;dur=417 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=283,atl-edge;dur=260,atl-edge-internal;dur=17,atl-edge-upstream;dur=243,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="mxSqW12DlFC89a7I2k6p5GVBTzi_gzgElTc55OAe_yrDf0bJ7kNoRg==",cdn-downstream-fbl;dur=286 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2422,15 +2510,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2e2023905a055fb3a137d4ecfec97d0e.cloudfront.net (CloudFront) + - 1.1 e559b1049f75d818d7420cfc59459998.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - OD5dm0zurXC1ovFJVWDSjBg4Sb_DgnHJCnuYba2aJ04Op8BPaKjXvw== + - mxSqW12DlFC89a7I2k6p5GVBTzi_gzgElTc55OAe_yrDf0bJ7kNoRg== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN52-P3 X-Arequestid: - - c2d455820b036c618863764a91c098fc + - 5491a4ea21bc0e72852d4e8a1660e400 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2454,17 +2546,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:28.391+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:15.099+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - f6d0f9d2-4590-48bc-8152-5d72931592f5 + - ab5c19f2-16c2-4c4a-8bef-0e4bd5f0719a Atl-Traceid: - - f6d0f9d2459048bc81525d72931592f5 + - ab5c19f216c24c4a8bef0e4bd5f0719a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2474,7 +2566,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:28 GMT + - Tue, 04 Nov 2025 18:02:15 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2484,7 +2576,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=322,atl-edge;dur=320,atl-edge-internal;dur=15,atl-edge-upstream;dur=305,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="6V9qSafzz2JZ_5MC_TSdvZachXKXEleWpWPk-Kdyu4uHzuaj3_uwFg==",cdn-downstream-fbl;dur=325 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=205,atl-edge;dur=182,atl-edge-internal;dur=15,atl-edge-upstream;dur=167,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="_C-cobHnZPjJdN97SBe43TbJtulZGq1NoCA6tyYlc8P0Xx5m04PPog==",cdn-downstream-fbl;dur=211 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2494,15 +2586,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8e52b0323db9e9f5baf300137747fffe.cloudfront.net (CloudFront) + - 1.1 c4c8de00fdd2495cb82daf882e1daacc.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 6V9qSafzz2JZ_5MC_TSdvZachXKXEleWpWPk-Kdyu4uHzuaj3_uwFg== + - _C-cobHnZPjJdN97SBe43TbJtulZGq1NoCA6tyYlc8P0Xx5m04PPog== X-Amz-Cf-Pop: - - SYD3-P2 + - DEN52-P1 X-Arequestid: - - d0c31fec74eb6012ad421e1fd7220d86 + - ae16cde63bccd1666904484014632824 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2526,32 +2622,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2561,9 +2657,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2573,12 +2669,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 281b6a44-f73b-4cd6-a2ab-14d397818fb5 + - 950d72e6-9fba-4ce9-a7c7-ebad308373e5 Atl-Traceid: - - 281b6a44f73b4cd6a2ab14d397818fb5 + - 950d72e69fba4ce9a7c7ebad308373e5 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2588,7 +2684,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:29 GMT + - Tue, 04 Nov 2025 18:02:15 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2598,7 +2694,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=409,atl-edge;dur=407,atl-edge-internal;dur=16,atl-edge-upstream;dur=391,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="ndnWYuJlAkvSOtk796Qd4dgBoMMJCu-wWtTD8WRZKYp4Q82aUNNhDw==",cdn-downstream-fbl;dur=413 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=326,atl-edge;dur=301,atl-edge-internal;dur=19,atl-edge-upstream;dur=284,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="y419r0ZO3D26d1K3DbwKJsCpb5C912VYELwPgA699f-dvjXrAb96Zg==",cdn-downstream-fbl;dur=330 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2608,15 +2704,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 fda8cdb1c5d1bc3e2d4cabe818dc8c5e.cloudfront.net (CloudFront) + - 1.1 befcfd7ee847a3c890471f27612dbcde.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - ndnWYuJlAkvSOtk796Qd4dgBoMMJCu-wWtTD8WRZKYp4Q82aUNNhDw== + - y419r0ZO3D26d1K3DbwKJsCpb5C912VYELwPgA699f-dvjXrAb96Zg== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN52-P2 X-Arequestid: - - d5c02579ee062455e12c375dc79414ac + - f4a8afa1f9023254d97fb72e5de75313 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -2640,7 +2740,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
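Review bot: The re-recorded responses commit a real Jira identity to the repository: the `X-Aaccountid` response header in the `@@ -2608,15 +2704,19 @@` hunk now carries a bare account id, and the same value recurs in the `@@ -2686,18 +2786,22 @@`, `@@ -2796,15 +2900,19 @@` and `@@ -2910,15 +3018,19 @@` hunks, while the issue body in `@@ -2828,32 +2936,32 @@` adds the matching `emailAddress`, `displayName` and gravatar URLs for `creator` and `reporter`. The removed lines show the same fields for a different user, so this looks like a gap in how the cassette is recorded rather than a one-off slip. If the cassettes are produced with vcrpy (the `interactions:` layout suggests so), note that `filter_headers` only covers request headers; a `before_record_response` hook that replaces `X-Aaccountid`, `accountId`, `emailAddress`, `displayName` and `avatarUrls` with fixed placeholders would keep personal identifiers out of history and shrink the diff on every re-recording. It is also worth confirming that the request sections outside these hunks keep no `Authorization` or cookie headers.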
@@ -2654,9 +2754,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - d5b1587d-7ace-418f-b294-0f1fe7f3df2d + - 4215d28c-ff83-4677-97e2-84339612aa0f Atl-Traceid: - - d5b1587d7ace418fb2940f1fe7f3df2d + - 4215d28cff83467797e284339612aa0f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2666,7 +2766,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:31 GMT + - Tue, 04 Nov 2025 18:02:16 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2676,7 +2776,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=488,atl-edge;dur=487,atl-edge-internal;dur=15,atl-edge-upstream;dur=471,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="Qsl1LryFgTTEhbX0fkWg4mVTCE-WFajBRreMA73pR1ry4AmrBdzRRA==",cdn-downstream-fbl;dur=493 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=419,atl-edge;dur=396,atl-edge-internal;dur=17,atl-edge-upstream;dur=380,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="KwMEjf_fhEUoSol06_7ER4Jy2ef0-xbJPj2H1m4kUSJwOGKrNei1wQ==",cdn-downstream-fbl;dur=423 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2686,18 +2786,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 701510d744831cda18c48da0cb099172.cloudfront.net (CloudFront) + - 1.1 e1dbbcedf936fc7d0284466c9c65e78c.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - Qsl1LryFgTTEhbX0fkWg4mVTCE-WFajBRreMA73pR1ry4AmrBdzRRA== + - KwMEjf_fhEUoSol06_7ER4Jy2ef0-xbJPj2H1m4kUSJwOGKrNei1wQ== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P3 X-Arequestid: - - 79b57d98774ca76e8aed5132794cc751 + - 6daa4f5587e93f1590f81650f6519cb7 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2711,20 +2815,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* Medium\n *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* Medium\n *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2734,9 +2838,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2756,21 +2860,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3562' + - '3560' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - b9bc77b1-9d5a-4b61-bf23-5df81cfd6ad3 + - 07301fee-2f2c-4b77-a529-6cc8f69e956b Atl-Traceid: - - b9bc77b19d5a4b61bf235df81cfd6ad3 + - 07301fee2f2c4b77a5296cc8f69e956b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2778,7 +2882,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:32 GMT + - Tue, 04 Nov 2025 18:02:16 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2788,7 +2892,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=680,atl-edge;dur=677,atl-edge-internal;dur=14,atl-edge-upstream;dur=663,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="IAkFhJMfHqlEN9qXXNnM2cL6dJMnoRCVfLSdUTXO1DX952mRXR2upA==",cdn-downstream-fbl;dur=691 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=603,atl-edge;dur=579,atl-edge-internal;dur=20,atl-edge-upstream;dur=558,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="cMir0zB98cXT5Kw12uXTy0IGSFjprWY-1wH64dAXYQ43ndOTkAA_1A==",cdn-downstream-fbl;dur=608 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2796,15 +2900,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0cd8fe15d9bdb168de9cd5f22954d220.cloudfront.net (CloudFront) + - 1.1 6d3c3e0af3263a7b3c6878f2fa9bbff6.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - IAkFhJMfHqlEN9qXXNnM2cL6dJMnoRCVfLSdUTXO1DX952mRXR2upA== + - cMir0zB98cXT5Kw12uXTy0IGSFjprWY-1wH64dAXYQ43ndOTkAA_1A== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P1 X-Arequestid: - - 119612430dcd24c162b92685a4ec4318 + - 068a2f7c30152724a73a3fddd724dc51 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2828,32 +2936,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:32.402+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:16.604+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* Medium\n *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* Medium\n *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2863,9 +2971,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2875,12 +2983,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 4cf28357-92f9-4b5b-ab05-8d67338a38c5 + - 1c5583e2-783a-4932-84d0-937b91403c25 Atl-Traceid: - - 4cf2835792f94b5bab058d67338a38c5 + - 1c5583e2783a493284d0937b91403c25 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2890,7 +2998,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:34 GMT + - Tue, 04 Nov 2025 18:02:17 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2900,7 +3008,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=402,atl-edge;dur=399,atl-edge-internal;dur=17,atl-edge-upstream;dur=382,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="ASfVHl7h8A7GaM9GiXANv7kdDV-O08KP2s3GB_jn4p4A8cSpZiVHCA==",cdn-downstream-fbl;dur=407 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=361,atl-edge;dur=339,atl-edge-internal;dur=19,atl-edge-upstream;dur=320,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="WWmdLWach6_EiC-NpRc-2C74nLCAvT44B6eeqQVngEMx87hrJ_bEig==",cdn-downstream-fbl;dur=365 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2910,15 +3018,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1d3e75fe2262e8a6f4a318b2bf3e6570.cloudfront.net (CloudFront) + - 1.1 057707d7f80ca305efe5fad72e15b94c.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - ASfVHl7h8A7GaM9GiXANv7kdDV-O08KP2s3GB_jn4p4A8cSpZiVHCA== + - WWmdLWach6_EiC-NpRc-2C74nLCAvT44B6eeqQVngEMx87hrJ_bEig== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P3 X-Arequestid: - - 5fc80e61bbe0f7c058d67823d7f7c34d + - e0fe52aab773bd8dca6281eb92a39c6e + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
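Review bot: The re-recorded response headers in the `@@ -2910,15 +3018,19 @@` hunk store the recording user's Jira account id under `X-Aaccountid`. The issue bodies re-recorded in the `@@ -3014,32 +3130,32 @@` hunk further down carry the same id together with `emailAddress`, `displayName` and the gravatar hash in `creator` and `reporter`. The same header recurs in the `-2982`, `-3096` and `-3168` hunks, so each re-recording commits whichever maintainer's identifiers were used. The recorder configuration is not visible here; if these cassettes are written by vcrpy, a `before_record_response` hook could drop `X-Aaccountid` and replace those body fields with fixed placeholder values before the cassette is written. That keeps personal identifiers out of the repository and would make future re-recording diffs much smaller.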
@@ -2942,17 +3054,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:35.110+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:17.647+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 76c7ea07-0390-47fd-a585-d383b1c3173f + - b0e4bd09-950b-4154-bfce-7a7a32a9b180 Atl-Traceid: - - 76c7ea07039047fda585d383b1c3173f + - b0e4bd09950b4154bfce7a7a32a9b180 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2962,7 +3074,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:35 GMT + - Tue, 04 Nov 2025 18:02:17 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2972,7 +3084,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=326,atl-edge;dur=324,atl-edge-internal;dur=15,atl-edge-upstream;dur=309,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="HzpdwHAqNA7_ms-Agdeqbpb1TubqGM3XTDUqlOvZlvwc3UhdLQy2Og==",cdn-downstream-fbl;dur=329 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=200,atl-edge;dur=176,atl-edge-internal;dur=15,atl-edge-upstream;dur=161,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="0teRSuD506uDmqmqcjG8litU-FyYD0nMf4Tmwo82TFEQhxcGoQJnvg==",cdn-downstream-fbl;dur=203 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2982,15 +3094,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 053b1a4cfd9215b4abb8a58ea35b06aa.cloudfront.net (CloudFront) + - 1.1 153b67ebb1db442b5cea7f360e7f8cb6.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - HzpdwHAqNA7_ms-Agdeqbpb1TubqGM3XTDUqlOvZlvwc3UhdLQy2Og== + - 0teRSuD506uDmqmqcjG8litU-FyYD0nMf4Tmwo82TFEQhxcGoQJnvg== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P1 X-Arequestid: - - d024df9f5d8436ed832241235b603540 + - 01969eb5a814b88e679421007835b28b + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3014,32 +3130,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:32.402+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:16.604+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* Medium\n *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* Medium\n *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -3049,9 +3165,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3061,12 +3177,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - d73f340a-460e-47b9-877d-97bd949dd61e + - 9287b432-8a6b-477c-8bda-04e776059298 Atl-Traceid: - - d73f340a460e47b9877d97bd949dd61e + - 9287b4328a6b477c8bda04e776059298 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3076,7 +3192,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:36 GMT + - Tue, 04 Nov 2025 18:02:18 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3086,7 +3202,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=413,atl-edge;dur=411,atl-edge-internal;dur=14,atl-edge-upstream;dur=396,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="N7d577kMY-kZmHs3RLsrOTjA8Z3AVOQTKaI7nj8qwtTff7ckQJmL6w==",cdn-downstream-fbl;dur=417 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=295,atl-edge;dur=273,atl-edge-internal;dur=17,atl-edge-upstream;dur=256,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="65GVAZ5M-WBpYboVMCLB11ztgq_zYRtFNx8-GS5QyzpQSUTzHnWoow==",cdn-downstream-fbl;dur=299 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3096,15 +3212,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 adb4605fb7528573053aec50d6f562c8.cloudfront.net (CloudFront) + - 1.1 f65dcddaf4d3d1ea834dd4e676c13038.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - N7d577kMY-kZmHs3RLsrOTjA8Z3AVOQTKaI7nj8qwtTff7ckQJmL6w== + - 65GVAZ5M-WBpYboVMCLB11ztgq_zYRtFNx8-GS5QyzpQSUTzHnWoow== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P3 X-Arequestid: - - ca98c1754bb20b5e9a7d2acd497c7900 + - 2b1c493d36a7239aa31e5f19ad106153 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3128,17 +3248,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:37.665+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:18.362+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - a6e38104-4223-48f8-a993-485c77f32d35 + - ac1ae67c-82d9-4511-8731-138bd4222dcc Atl-Traceid: - - a6e38104422348f8a993485c77f32d35 + - ac1ae67c82d945118731138bd4222dcc Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3148,7 +3268,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:37 GMT + - Tue, 04 Nov 2025 18:02:18 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3158,7 +3278,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=373,atl-edge;dur=369,atl-edge-internal;dur=15,atl-edge-upstream;dur=354,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="_Jve8zXBfmHLnliGyxhUuMlq3eXo0Xhn0iTEiJ3ej9Q-hZuN4A5XHw==",cdn-downstream-fbl;dur=376 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=218,atl-edge;dur=194,atl-edge-internal;dur=15,atl-edge-upstream;dur=180,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="rc_gvP98kUGw9hxGU9pInLW1FPSAWDWqz-ftLnBKKU-cIA5RCpeicQ==",cdn-downstream-fbl;dur=221 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3168,15 +3288,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 da84bd533f95bc21581ad9f33da5b73a.cloudfront.net (CloudFront) + - 1.1 f6327093dd59f54131617ea3ab04bd94.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - _Jve8zXBfmHLnliGyxhUuMlq3eXo0Xhn0iTEiJ3ej9Q-hZuN4A5XHw== + - rc_gvP98kUGw9hxGU9pInLW1FPSAWDWqz-ftLnBKKU-cIA5RCpeicQ== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P2 X-Arequestid: - - c5c92fc4a0e98ce1cb8ab3dd3fdc0933 + - 418bf4381df42086b99d13c11fe4f9c7 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3200,32 +3324,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:32.402+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:16.604+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* Medium\n *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* Medium\n *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -3235,9 +3359,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3247,12 +3371,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 3e345e28-33ef-41dd-b4ed-715010730bbb + - ec0a253d-040d-4e9c-9c61-4ae4ce26fed0 Atl-Traceid: - - 3e345e2833ef41ddb4ed715010730bbb + - ec0a253d040d4e9c9c614ae4ce26fed0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3262,7 +3386,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:39 GMT + - Tue, 04 Nov 2025 18:02:18 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3272,7 +3396,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=426,atl-edge;dur=424,atl-edge-internal;dur=14,atl-edge-upstream;dur=410,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="PmOe3DbnldohaOsROAx-DQdXjGCtN4Kok_Nvw3-MffoNNz4R7vdNXA==",cdn-downstream-fbl;dur=429 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=303,atl-edge;dur=279,atl-edge-internal;dur=19,atl-edge-upstream;dur=261,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="sVRnGfux1qMBn7xsr9Tp5lQdVbZ0wRttlilvS7nHJC3AVV8H54eMlA==",cdn-downstream-fbl;dur=307 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3282,15 +3406,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0853add243e6eac9b8f74b5c74814a3e.cloudfront.net (CloudFront) + - 1.1 185338419e21d148fae1747402a58e8a.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - PmOe3DbnldohaOsROAx-DQdXjGCtN4Kok_Nvw3-MffoNNz4R7vdNXA== + - sVRnGfux1qMBn7xsr9Tp5lQdVbZ0wRttlilvS7nHJC3AVV8H54eMlA== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P2 X-Arequestid: - - 3b74253a001b091c756dcd5d15c9eb98 + - 570ff8977c1e34b277ab3e617c3ca059 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -3314,7 +3442,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
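Review bot: The re-recorded response headers in the hunk at `@@ -3282,15 +3406,19 @@` commit a real Atlassian account id under `X-Aaccountid`, and the response bodies in neighbouring hunks (for example the one starting at `@@ -3502,32 +3638,32 @@`) carry the same id together with `"emailAddress":"cody@defectdojo.com"` and the user's display name. None of that looks necessary for a replayed test, though the test code is not visible here, so confirm nothing asserts on these values before scrubbing. The layout looks like a vcrpy cassette; if so, a `before_record_response` hook that drops `X-Aaccountid` and replaces `emailAddress`, `accountId` and `displayName` with fixed placeholders would keep personal data out of the repository. The same hook could drop volatile headers such as `Atl-Request-Id`, `Server-Timing` and `X-Amz-Cf-Id`, which would shrink the diff produced by every re-recording.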
@@ -3328,9 +3456,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 811d1bf6-d3f5-4256-bc9a-86e31901eaca + - eb57cbb0-3717-464b-9743-c8f0b21332e0 Atl-Traceid: - - 811d1bf6d3f54256bc9a86e31901eaca + - eb57cbb03717464b9743c8f0b21332e0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3340,7 +3468,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:40 GMT + - Tue, 04 Nov 2025 18:02:19 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -3350,7 +3478,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=531,atl-edge;dur=526,atl-edge-internal;dur=15,atl-edge-upstream;dur=511,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="VuAizxz11RSDWEw7z1j4TZFiUjIYKfw5KU6RYAeQHwYnzmwAPUePng==",cdn-downstream-fbl;dur=535 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=429,atl-edge;dur=405,atl-edge-internal;dur=18,atl-edge-upstream;dur=388,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="ktsbO9_jiCfL6nXrqpAjiP0Gz8D_7mC5XD7hZOb5pd1MhIgm9FBKhA==",cdn-downstream-fbl;dur=432 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -3360,18 +3488,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f993a09ee51fef62e3d92f6802c130d4.cloudfront.net (CloudFront) + - 1.1 3349382fe72101eee491170c132b7e3c.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - VuAizxz11RSDWEw7z1j4TZFiUjIYKfw5KU6RYAeQHwYnzmwAPUePng== + - ktsbO9_jiCfL6nXrqpAjiP0Gz8D_7mC5XD7hZOb5pd1MhIgm9FBKhA== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P2 X-Arequestid: - - 03d46ba651a39a03447eddae9e874dc0 + - ac2fdf85b64a9d9775ca926a7b5f4813 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3385,20 +3517,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified and + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -3408,9 +3540,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3430,21 +3562,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3554' + - '3552' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - 561a6c1c-a903-4bea-87ea-1b3168dae999 + - 01c257d5-582f-4338-bdde-5c54168925a8 Atl-Traceid: - - 561a6c1ca9034bea87ea1b3168dae999 + - 01c257d5582f4338bdde5c54168925a8 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3452,7 +3584,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:42 GMT + - Tue, 04 Nov 2025 18:02:20 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -3462,7 +3594,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=659,atl-edge;dur=656,atl-edge-internal;dur=15,atl-edge-upstream;dur=641,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="wcqI2BhGiZDp5UbhjFvIp4ccvUcd5nJbaxwQMDa9Ht3f1rr8PBxCsg==",cdn-downstream-fbl;dur=663 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=654,atl-edge;dur=628,atl-edge-internal;dur=15,atl-edge-upstream;dur=612,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="w4B8vupClB96Siy6jxa9ucvkK3W5UdOsKDg07yVvq_zx83zgAGYEgg==",cdn-downstream-fbl;dur=659 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -3470,15 +3602,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a7a7ee092ee4b4df82064022cbdb7e94.cloudfront.net (CloudFront) + - 1.1 cb4937748c19bcccb40a5a5875f01552.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - wcqI2BhGiZDp5UbhjFvIp4ccvUcd5nJbaxwQMDa9Ht3f1rr8PBxCsg== + - w4B8vupClB96Siy6jxa9ucvkK3W5UdOsKDg07yVvq_zx83zgAGYEgg== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P1 X-Arequestid: - - c05cdd5aa9dd6cd71937593633bf314f + - fa67414b72a74c12a7c4312cc58d4056 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3502,32 +3638,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:41.751+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:19.903+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/246]\n*Defect Dojo link:* http://localhost:8080/finding/246 - (246)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + 0.6.0)|http://localhost:8080/finding/234]\n*Defect Dojo link:* http://localhost:8080/finding/234 + (234)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -3537,9 +3673,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3549,12 +3685,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 520b0b01-3d1d-4e76-bac9-a4341333bfdf + - 4eb3c00f-29db-4e73-b451-0c56228484d2 Atl-Traceid: - - 520b0b013d1d4e76bac9a4341333bfdf + - 4eb3c00f29db4e73b4510c56228484d2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3564,7 +3700,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:43 GMT + - Tue, 04 Nov 2025 18:02:20 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3574,7 +3710,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=417,atl-edge;dur=414,atl-edge-internal;dur=16,atl-edge-upstream;dur=399,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="hfme_rP70CvAFwiYqT120Zpm9lXaBTXBrMK-_M0qTVIeflYXH16XsA==",cdn-downstream-fbl;dur=420 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=262,atl-edge;dur=240,atl-edge-internal;dur=16,atl-edge-upstream;dur=222,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="lQgy1v4B9EumMwE8ljoo2-gymI-Ok4Jj2T81cBl4QjfvH3JqJ-SxOg==",cdn-downstream-fbl;dur=266 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3584,15 +3720,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b39f0409e845bde1b97cd11f1d544d4e.cloudfront.net (CloudFront) + - 1.1 6767782218a3548f894151ef053fe67e.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - hfme_rP70CvAFwiYqT120Zpm9lXaBTXBrMK-_M0qTVIeflYXH16XsA== + - lQgy1v4B9EumMwE8ljoo2-gymI-Ok4Jj2T81cBl4QjfvH3JqJ-SxOg== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P3 X-Arequestid: - - 1fcc61942702b781825f188c2110ac38 + - 33707d82c635970cc166e449d3358406 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
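Review bot: The re-recorded `X-Aaccountid` header in this hunk commits the recording user's Atlassian account id into the fixture, and the issue-body hunk after the `GET .../rest/api/2/issue/23615` request adds the matching `accountId`, `emailAddress`, `displayName` and gravatar hash; the later `X-Aaccountid` hunks repeat the header. The removed lines carried the same fields for a different user, so every re-record swaps one maintainer's identifiers for another's and keeps both in history. If these cassettes are recorded with vcrpy (the layout suggests so, but the test harness is not visible here), a `before_record_response` hook could rewrite those fields to fixed placeholders such as `"emailAddress":"redacted@example.invalid"` before the file is written. That would also remove this per-recorder churn from future diffs, provided no test asserts on the real values, which cannot be confirmed from these hunks.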
@@ -3616,17 +3756,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:44.435+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:20.777+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 1579fb0e-c930-4186-9a20-2fcfa46992b4 + - 74e18565-d099-4ad6-9d6b-d28d96bf8459 Atl-Traceid: - - 1579fb0ec93041869a202fcfa46992b4 + - 74e18565d0994ad69d6bd28d96bf8459 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3636,7 +3776,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:44 GMT + - Tue, 04 Nov 2025 18:02:20 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3646,7 +3786,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=325,atl-edge;dur=322,atl-edge-internal;dur=15,atl-edge-upstream;dur=308,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="G_x4owpeotz2XEZHgWs5Uuxqfo8-L7sWLOj77GX-fULEyslo5j9mUw==",cdn-downstream-fbl;dur=328 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=192,atl-edge;dur=169,atl-edge-internal;dur=16,atl-edge-upstream;dur=153,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="0TaBKfnLKtbgnXw2Qdtr1eDydCIKD399_fj8MNHlgv68MVYnsxmo2g==",cdn-downstream-fbl;dur=196 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3656,15 +3796,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 903696f43fdfc4019d7102b6711e9fca.cloudfront.net (CloudFront) + - 1.1 78848e87583c98ba04111361257adc96.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - G_x4owpeotz2XEZHgWs5Uuxqfo8-L7sWLOj77GX-fULEyslo5j9mUw== + - 0TaBKfnLKtbgnXw2Qdtr1eDydCIKD399_fj8MNHlgv68MVYnsxmo2g== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P3 X-Arequestid: - - 2160cf15d66b64c33bee611478065b84 + - 1c2d36b4f8924bdf469af152b9f32e38 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3688,32 +3832,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:41.751+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:19.903+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/246]\n*Defect Dojo link:* http://localhost:8080/finding/246 - (246)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + 0.6.0)|http://localhost:8080/finding/234]\n*Defect Dojo link:* http://localhost:8080/finding/234 + (234)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -3723,9 +3867,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3735,12 +3879,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 43c93ab6-0229-4c54-883d-3741b96423ea + - cc51c816-6c4d-4b18-8e3f-fd5570bb454c Atl-Traceid: - - 43c93ab602294c54883d3741b96423ea + - cc51c8166c4d4b188e3ffd5570bb454c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3750,7 +3894,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:45 GMT + - Tue, 04 Nov 2025 18:02:21 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3760,7 +3904,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=441,atl-edge;dur=439,atl-edge-internal;dur=13,atl-edge-upstream;dur=426,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="dpW_DMJy5zXyyt4NPw43_JNpI4HmIDQcboNeydV0l2omkjYF5DTswA==",cdn-downstream-fbl;dur=444 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=357,atl-edge;dur=265,atl-edge-internal;dur=22,atl-edge-upstream;dur=242,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="OT0tZjbdTj4Q0GhynMs_mtY29Pdgw1jVqZR7IEcz5I6qRaxLbhrV4w==",cdn-downstream-fbl;dur=362 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3770,15 +3914,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 48e2dac80dc53d66fef4721e63ea9f44.cloudfront.net (CloudFront) + - 1.1 fb583d18c6b0f24d4447146b294e4f68.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - dpW_DMJy5zXyyt4NPw43_JNpI4HmIDQcboNeydV0l2omkjYF5DTswA== + - OT0tZjbdTj4Q0GhynMs_mtY29Pdgw1jVqZR7IEcz5I6qRaxLbhrV4w== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P3 X-Arequestid: - - 10ba2168dedfdeb03a7f9aa0529f2b75 + - 5d83d2afbfce3bf3e5ae58b331faba05 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3802,17 +3950,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:46.924+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:21.464+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 21ffd869-6014-462c-b248-bd94e7c28edc + - 687b50ac-ec0e-44a3-9d58-fd99f66384fd Atl-Traceid: - - 21ffd8696014462cb248bd94e7c28edc + - 687b50acec0e44a39d58fd99f66384fd Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3822,7 +3970,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:47 GMT + - Tue, 04 Nov 2025 18:02:21 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3832,7 +3980,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=327,atl-edge;dur=322,atl-edge-internal;dur=13,atl-edge-upstream;dur=309,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="6VsfvgKWJhpxN4at5Turp7GDClyhwoRyEA__EpiMR-EXzYk60q8Iwg==",cdn-downstream-fbl;dur=330 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=197,atl-edge;dur=174,atl-edge-internal;dur=18,atl-edge-upstream;dur=156,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="ZQN2BfOEdAKhFoAt9OZ0N58efP6aofU9tNgPeSZvtwL-shLpVjX9HA==",cdn-downstream-fbl;dur=202 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3842,15 +3990,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 352b1001018ea123117ef28ad154f522.cloudfront.net (CloudFront) + - 1.1 2049902380178fd7b885115d80ccf966.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 6VsfvgKWJhpxN4at5Turp7GDClyhwoRyEA__EpiMR-EXzYk60q8Iwg== + - ZQN2BfOEdAKhFoAt9OZ0N58efP6aofU9tNgPeSZvtwL-shLpVjX9HA== X-Amz-Cf-Pop: - - SYD3-P2 + - DEN52-P3 X-Arequestid: - - f418272caccb8d2147c4d558674e736f + - 229239e5000d8dd0c8e8ba625cfd4704 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3874,32 +4026,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:41.751+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:19.903+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/246]\n*Defect Dojo link:* http://localhost:8080/finding/246 - (246)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + 0.6.0)|http://localhost:8080/finding/234]\n*Defect Dojo link:* http://localhost:8080/finding/234 + (234)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -3909,9 +4061,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3921,12 +4073,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 6722837c-e5b0-4f12-9444-5843ba718b6e + - 5faf540f-0924-41b3-ac00-52853f96beaf Atl-Traceid: - - 6722837ce5b04f1294445843ba718b6e + - 5faf540f092441b3ac0052853f96beaf Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3936,7 +4088,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:48 GMT + - Tue, 04 Nov 2025 18:02:21 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3946,7 +4098,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=413,atl-edge;dur=410,atl-edge-internal;dur=16,atl-edge-upstream;dur=394,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="ATzhvy2a-PIuET60o8koOVbNx986h8hTsk_fa4rrdZvH6l3XjslNyQ==",cdn-downstream-fbl;dur=416 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=266,atl-edge;dur=243,atl-edge-internal;dur=16,atl-edge-upstream;dur=225,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="rswtz3OxLDcQEuIK6ZW0R1GZW5YtX4c1Pl9HXjOlw_I9UYPPTcc9cg==",cdn-downstream-fbl;dur=269 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3956,15 +4108,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f5bc0d54a76b57b6f435f98d3e741ea4.cloudfront.net (CloudFront) + - 1.1 a0b647da77edd97cca88fb4c4b1a9d08.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - ATzhvy2a-PIuET60o8koOVbNx986h8hTsk_fa4rrdZvH6l3XjslNyQ== + - rswtz3OxLDcQEuIK6ZW0R1GZW5YtX4c1Pl9HXjOlw_I9UYPPTcc9cg== X-Amz-Cf-Pop: - - SYD3-P2 + - DEN52-P3 X-Arequestid: - - 31ba58eebd3eacf9ffc61b64f7de43df + - ee93271a45c760e65898abf3bb73720a + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3988,17 +4144,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:49.396+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:22.089+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - a6890f7e-ebd3-472c-b471-7a08447f6050 + - 2822b0a1-2381-4898-adfc-01f5c6446f77 Atl-Traceid: - - a6890f7eebd3472cb4717a08447f6050 + - 2822b0a123814898adfc01f5c6446f77 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4008,7 +4164,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:49 GMT + - Tue, 04 Nov 2025 18:02:22 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4018,7 +4174,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=319,atl-edge;dur=317,atl-edge-internal;dur=13,atl-edge-upstream;dur=304,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="tUeMqBFrnEb9pxvhpu_jLQVQCmhEf2omz7sdgnMT2BLkM0RoYD1Tlw==",cdn-downstream-fbl;dur=322 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=198,atl-edge;dur=173,atl-edge-internal;dur=15,atl-edge-upstream;dur=158,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="880lPGrOwzakRp5eLoiSlW4K6O4oM-JN4AyoHA53PKQ-8dHee9TXDA==",cdn-downstream-fbl;dur=203 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4028,15 +4184,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 903696f43fdfc4019d7102b6711e9fca.cloudfront.net (CloudFront) + - 1.1 89771419757f75b08f6c8fd411f8ef54.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - tUeMqBFrnEb9pxvhpu_jLQVQCmhEf2omz7sdgnMT2BLkM0RoYD1Tlw== + - 880lPGrOwzakRp5eLoiSlW4K6O4oM-JN4AyoHA53PKQ-8dHee9TXDA== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P1 X-Arequestid: - - 3b4835ee692f5695f1710e5d47374cea + - 40bd4fa845184618839ea8aa67c1ae16 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '347' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4060,32 +4220,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:41.751+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:19.903+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/246]\n*Defect Dojo link:* http://localhost:8080/finding/246 - (246)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + 0.6.0)|http://localhost:8080/finding/234]\n*Defect Dojo link:* http://localhost:8080/finding/234 + (234)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -4095,9 +4255,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -4107,12 +4267,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 67c1370a-bc1a-4f55-9e71-b1b4b738051b + - 63abcc9a-dffc-4ece-a76c-e2f9d667fd10 Atl-Traceid: - - 67c1370abc1a4f559e71b1b4b738051b + - 63abcc9adffc4ecea76ce2f9d667fd10 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4122,7 +4282,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:50 GMT + - Tue, 04 Nov 2025 18:02:22 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4132,7 +4292,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=434,atl-edge;dur=432,atl-edge-internal;dur=14,atl-edge-upstream;dur=419,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="ba8SHxFLLGg68-f76vSEtFAO7fQXb1Ov-0j6uDQVYtvLY0GugrpJpg==",cdn-downstream-fbl;dur=437 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=353,atl-edge;dur=330,atl-edge-internal;dur=17,atl-edge-upstream;dur=313,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="1pMJWHmN_3EOqCq9a4w_biaZxFl52ZvHu6VAv68O4h2BnwgMs5P2KQ==",cdn-downstream-fbl;dur=357 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4142,15 +4302,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e6e7ea42488c65b080113b45f9cdebb4.cloudfront.net (CloudFront) + - 1.1 94d9d221defc9832eeda31acd3f6f552.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - ba8SHxFLLGg68-f76vSEtFAO7fQXb1Ov-0j6uDQVYtvLY0GugrpJpg== + - 1pMJWHmN_3EOqCq9a4w_biaZxFl52ZvHu6VAv68O4h2BnwgMs5P2KQ== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P1 X-Arequestid: - - 400c59e18b45e8e3fa0002b2094c21c3 + - cfccbfc79ed740076668c127d4688744 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '396' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
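Review bot: The re-recorded cassette commits the recording user's Atlassian account id in the `X-Aaccountid` response header in hunk `-4142,15 +4302,19`, and again in the hunks at `-4214`, `-4328` and `-4406`. The issue body in hunk `-4246,32 +4414,32` also adds that user's `emailAddress`, `displayName` and Gravatar hash for both `creator` and `reporter`. Nothing visible in these hunks shows the values being scrubbed before the fixture is stored. If this is a vcrpy recording, as the `interactions:` layout suggests, a `before_record_response` hook could replace those fields and the header with fixed placeholders, provided no test asserts on them. That would also keep personal data out of the repository and stop these lines changing whenever a different maintainer re-records.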
@@ -4174,17 +4338,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:51.948+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:22.814+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - c3602a7e-0a1b-4be5-b2c2-69c3d6a43cb5 + - eca1e81f-0a94-4a03-b9bd-4a93f6a84b6d Atl-Traceid: - - c3602a7e0a1b4be5b2c269c3d6a43cb5 + - eca1e81f0a944a03b9bd4a93f6a84b6d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4194,7 +4358,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:52 GMT + - Tue, 04 Nov 2025 18:02:22 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4204,7 +4368,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=319,atl-edge;dur=317,atl-edge-internal;dur=14,atl-edge-upstream;dur=304,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="1leZgygHib8gl1z5CDyOOHJ9-3vsXNMVV2fHg41qWYi7kg377pzVSw==",cdn-downstream-fbl;dur=322 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=193,atl-edge;dur=170,atl-edge-internal;dur=15,atl-edge-upstream;dur=155,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="jXY1uKBLKaT59_SDOMTLB73M4F2RM4inplIprXEu-_qK2TVwIN-VoA==",cdn-downstream-fbl;dur=197 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4214,15 +4378,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e3f64b5e1795622ac1fd367fad798c10.cloudfront.net (CloudFront) + - 1.1 d18c8670421cff5c9fa297b260cb2814.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 1leZgygHib8gl1z5CDyOOHJ9-3vsXNMVV2fHg41qWYi7kg377pzVSw== + - jXY1uKBLKaT59_SDOMTLB73M4F2RM4inplIprXEu-_qK2TVwIN-VoA== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P2 X-Arequestid: - - 6dfbd41566df0c1f41a7ac92e2e042e5 + - 5f9fc9cf6d353db1070c2ce65d6ee085 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '346' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4246,32 +4414,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:41.751+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:19.903+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/246]\n*Defect Dojo link:* http://localhost:8080/finding/246 - (246)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + 0.6.0)|http://localhost:8080/finding/234]\n*Defect Dojo link:* http://localhost:8080/finding/234 + (234)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -4281,9 +4449,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -4293,12 +4461,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 41b67b2c-b626-40ba-bac9-fc39a923c7d3 + - e29016e5-2b61-4ad7-a841-5c6f1ffa5b88 Atl-Traceid: - - 41b67b2cb62640babac9fc39a923c7d3 + - e29016e52b614ad7a8415c6f1ffa5b88 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4308,7 +4476,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:53 GMT + - Tue, 04 Nov 2025 18:02:23 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4318,7 +4486,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=425,atl-edge;dur=421,atl-edge-internal;dur=17,atl-edge-upstream;dur=405,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="mE9B1enCL4xDj7R0IVSyX8q5udCQXBNF6LcKss-beW4OL4H27GsliA==",cdn-downstream-fbl;dur=429 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=312,atl-edge;dur=289,atl-edge-internal;dur=16,atl-edge-upstream;dur=273,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="IpfW2dTSUI44CfpFjY1wyc7RmTVxoEJqC6LoedNzO-mwplIp053yaQ==",cdn-downstream-fbl;dur=315 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4328,15 +4496,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f10eedb52fc0d82204e85d20112deafa.cloudfront.net (CloudFront) + - 1.1 51185e40453f61916e037fc6db50766c.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - mE9B1enCL4xDj7R0IVSyX8q5udCQXBNF6LcKss-beW4OL4H27GsliA== + - IpfW2dTSUI44CfpFjY1wyc7RmTVxoEJqC6LoedNzO-mwplIp053yaQ== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P3 X-Arequestid: - - 90e17906990c9815bb48ab4bc10d85d1 + - d81f8e468ee18767472c4e7e01b201f8 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '395' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -4360,7 +4532,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -4374,9 +4546,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - d83ee3b5-0e28-4302-bf88-5613d4394d37 + - 5f1f2d03-c16d-4955-a9f5-4c05b2bc082c Atl-Traceid: - - d83ee3b50e284302bf885613d4394d37 + - 5f1f2d03c16d4955a9f54c05b2bc082c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4386,7 +4558,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:54 GMT + - Tue, 04 Nov 2025 18:02:23 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -4396,7 +4568,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=479,atl-edge;dur=477,atl-edge-internal;dur=13,atl-edge-upstream;dur=464,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="0zxbWx8U8wpUOxVPbZrapT0HeMgiYdixZLbFdFbbNw99yS9k0gFVBA==",cdn-downstream-fbl;dur=483 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=358,atl-edge;dur=335,atl-edge-internal;dur=22,atl-edge-upstream;dur=313,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="sM8fwxHxq_B2PqZMcjrcgbC-5sLYKRyH70Ul5GaznVzvbdt2dz9IcQ==",cdn-downstream-fbl;dur=361 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -4406,18 +4578,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3d26345933183b6a437e0f8ba3c37df8.cloudfront.net (CloudFront) + - 1.1 20c46424adb033d4de178e11a807b304.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 0zxbWx8U8wpUOxVPbZrapT0HeMgiYdixZLbFdFbbNw99yS9k0gFVBA== + - sM8fwxHxq_B2PqZMcjrcgbC-5sLYKRyH70Ul5GaznVzvbdt2dz9IcQ== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P3 X-Arequestid: - - 04a7e67904697814c3760461514ade57 + - 804a816c21eaf24300509ecb38dd5507 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4431,20 +4607,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified and + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -4454,9 +4630,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -4476,21 +4652,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3569' + - '3567' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - ecfcbc75-5a1b-410e-a23a-18d82872f5d2 + - 5e4a76c4-2c55-4756-87d4-5a8ec9255775 Atl-Traceid: - - ecfcbc755a1b410ea23a18d82872f5d2 + - 5e4a76c42c55475687d45a8ec9255775 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4498,7 +4674,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:56 GMT + - Tue, 04 Nov 2025 18:02:24 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -4508,7 +4684,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=732,atl-edge;dur=730,atl-edge-internal;dur=16,atl-edge-upstream;dur=714,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="6eZjj8HHRI2CyzlN7EW3aehpZQ8tzNLRyr4Qi7SjFqGSlVGNRC7o3A==",cdn-downstream-fbl;dur=737 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=686,atl-edge;dur=596,atl-edge-internal;dur=16,atl-edge-upstream;dur=578,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="s55Hg-FMAK2BF6raSImonxHF7Q-u10K4gbf3AIrmmqLoiP57cVpeBw==",cdn-downstream-fbl;dur=691 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -4516,15 +4692,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0cd8fe15d9bdb168de9cd5f22954d220.cloudfront.net (CloudFront) + - 1.1 c3ec3fa9c5962899febb10c3fdc31872.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 6eZjj8HHRI2CyzlN7EW3aehpZQ8tzNLRyr4Qi7SjFqGSlVGNRC7o3A== + - s55Hg-FMAK2BF6raSImonxHF7Q-u10K4gbf3AIrmmqLoiP57cVpeBw== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P2 X-Arequestid: - - 533fd9f775e98c2345237cd9426193ea + - 5bebbc7c18cad54fcbfa61b0fdbd2e6c + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4548,32 +4728,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:56.046+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:24.236+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -4583,9 +4763,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -4595,12 +4775,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 8400f199-65b4-414f-baf7-5592054c1f69 + - e8dfb429-82a2-4913-9676-ef1e7db01c69 Atl-Traceid: - - 8400f19965b4414fbaf75592054c1f69 + - e8dfb42982a249139676ef1e7db01c69 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4610,7 +4790,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:57 GMT + - Tue, 04 Nov 2025 18:02:24 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4620,7 +4800,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=432,atl-edge;dur=430,atl-edge-internal;dur=18,atl-edge-upstream;dur=412,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="_XrlV-yHHkh4t90-abrrrC91x0ByE5UYpCCNLNxWjgQpS9F1S8-0fw==",cdn-downstream-fbl;dur=436 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=270,atl-edge;dur=248,atl-edge-internal;dur=16,atl-edge-upstream;dur=232,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="VeqylHLio8CVvKGruHDMtmZCr3l4kgov2bpTNSYfujEf59PJohGSsw==",cdn-downstream-fbl;dur=274 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4630,15 +4810,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9d6e86f5b232838ca6f2f480892525b2.cloudfront.net (CloudFront) + - 1.1 91ce9b89afcd32f5bca16bfe69ee21c2.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - _XrlV-yHHkh4t90-abrrrC91x0ByE5UYpCCNLNxWjgQpS9F1S8-0fw== + - VeqylHLio8CVvKGruHDMtmZCr3l4kgov2bpTNSYfujEf59PJohGSsw== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P1 X-Arequestid: - - d7afb007393d480cd76e8a7abe2f52e6 + - 76316377dd541fb74e21401d0a8d2bd3 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4662,17 +4846,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:58.831+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:25.203+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - edbdf0e2-3afa-4a0e-8ea0-dc5e12540981 + - 1f4b4c5f-4bcb-4864-a104-5aa50bd85c8c Atl-Traceid: - - edbdf0e23afa4a0e8ea0dc5e12540981 + - 1f4b4c5f4bcb4864a1045aa50bd85c8c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4682,7 +4866,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:58 GMT + - Tue, 04 Nov 2025 18:02:25 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4692,7 +4876,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=335,atl-edge;dur=332,atl-edge-internal;dur=14,atl-edge-upstream;dur=319,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="R7I2-fTcaCkqcqWE3EQ-vg-SHcF1ZsnBxxwm72QbrNkfPRDS6yX0mw==",cdn-downstream-fbl;dur=339 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=273,atl-edge;dur=183,atl-edge-internal;dur=24,atl-edge-upstream;dur=159,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="fQ4bGgNUnmCBFvheKbWLDsUu5bAKJXPxyMzSK10OAVYU3vjbriNIQg==",cdn-downstream-fbl;dur=277 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4702,15 +4886,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 bc177ce25ddc555a7d303bc4d290a6ec.cloudfront.net (CloudFront) + - 1.1 16d72e0791ff01fc4470d27fc024527a.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - R7I2-fTcaCkqcqWE3EQ-vg-SHcF1ZsnBxxwm72QbrNkfPRDS6yX0mw== + - fQ4bGgNUnmCBFvheKbWLDsUu5bAKJXPxyMzSK10OAVYU3vjbriNIQg== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P2 X-Arequestid: - - f7c14dd99f240affc87e565dd2c73000 + - 02d48cf190374fc86b16af4accf371d7 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4734,32 +4922,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:56.046+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:24.236+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -4769,9 +4957,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -4781,12 +4969,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 7ba6e8f0-3034-4de2-a3fc-4b9be3127dd7 + - 701ffec8-07e8-4cc8-beaa-e7589f2d4d84 Atl-Traceid: - - 7ba6e8f030344de2a3fc4b9be3127dd7 + - 701ffec807e84cc8beaae7589f2d4d84 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4796,7 +4984,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:00 GMT + - Tue, 04 Nov 2025 18:02:26 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4806,7 +4994,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=426,atl-edge;dur=424,atl-edge-internal;dur=15,atl-edge-upstream;dur=409,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="3ptf39W8aQ8CanFBzy2Lu86HgdWEOyIXufUrQ6v0rkaARx_8x9ibYw==",cdn-downstream-fbl;dur=430 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=756,atl-edge;dur=668,atl-edge-internal;dur=23,atl-edge-upstream;dur=645,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="mIK4SyiIdDVu6RGtG5tCHeQAmcJu0xKZFMg_GJeDO6EtdP5G5CHN4g==",cdn-downstream-fbl;dur=761 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4816,15 +5004,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0c5c9092233f69156c68308fd823bd58.cloudfront.net (CloudFront) + - 1.1 cb4937748c19bcccb40a5a5875f01552.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 3ptf39W8aQ8CanFBzy2Lu86HgdWEOyIXufUrQ6v0rkaARx_8x9ibYw== + - mIK4SyiIdDVu6RGtG5tCHeQAmcJu0xKZFMg_GJeDO6EtdP5G5CHN4g== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P1 X-Arequestid: - - 4753419605d52bfc27fc8ada048a982b + - 46b14ce616c15f26c99f15f0242f139c + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -4848,7 +5040,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -4862,9 +5054,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 97ab9ab6-d19e-4ac7-b453-146d97f06c52 + - 91123068-c739-49f8-9735-4d8165d59ba2 Atl-Traceid: - - 97ab9ab6d19e4ac7b453146d97f06c52 + - 91123068c73949f897354d8165d59ba2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4874,7 +5066,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:01 GMT + - Tue, 04 Nov 2025 18:02:26 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -4884,7 +5076,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=470,atl-edge;dur=468,atl-edge-internal;dur=15,atl-edge-upstream;dur=453,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="_Vp4IkTlUNjXH0oEbgyJNr1O1cneAfJRNFyFLEDZKHTOrvemZEiWzw==",cdn-downstream-fbl;dur=473 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=485,atl-edge;dur=396,atl-edge-internal;dur=20,atl-edge-upstream;dur=372,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="AqvsB_y8_rvzry1Pzab-nQYaNJe4pKSotehyV8aHE6qs8lQ9BvMbFw==",cdn-downstream-fbl;dur=488 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -4894,18 +5086,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f1646a7b70ef690faac638f9c1dd2364.cloudfront.net (CloudFront) + - 1.1 64544648f8289d0bd61ef02997afb698.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - _Vp4IkTlUNjXH0oEbgyJNr1O1cneAfJRNFyFLEDZKHTOrvemZEiWzw== + - AqvsB_y8_rvzry1Pzab-nQYaNJe4pKSotehyV8aHE6qs8lQ9BvMbFw== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P3 X-Arequestid: - - f6b39322e36636c1db22f112e9b7eb5f + - 73c1cc123a70221112e623f422cf6a61 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4919,20 +5115,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* High *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -4942,9 +5138,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -4964,21 +5160,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3573' + - '3572' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - c89b407d-62f7-44e5-9f97-cd514707b0a9 + - 6c0835c8-c46a-47af-b2d1-529803d3187e Atl-Traceid: - - c89b407d62f744e59f97cd514707b0a9 + - 6c0835c8c46a47afb2d1529803d3187e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4986,7 +5182,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:03 GMT + - Tue, 04 Nov 2025 18:02:27 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -4996,7 +5192,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="bP-G37a89SS3vjOU-NS0RT7kzB5Jh3FQ1PgcMmUfcPSQHKFgNHB5cw==",cdn-downstream-fbl;dur=748,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=3,cdn-upstream-fbl;dur=745,atl-edge;dur=739,atl-edge-internal;dur=15,atl-edge-upstream;dur=724,atl-edge-pop;desc="aws-ap-southeast-2" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=655,atl-edge;dur=631,atl-edge-internal;dur=15,atl-edge-upstream;dur=616,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="M8BsbPNg6JPvGWu1PlT0Pyv6lVgFrE9URhwnN215kPDxeDUhmL4KDA==",cdn-downstream-fbl;dur=659 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -5004,15 +5200,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 d3f1182213e75f053a9e7404f079d540.cloudfront.net (CloudFront) + - 1.1 db94b8e3e5f45aab1e90db086a8debc0.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - bP-G37a89SS3vjOU-NS0RT7kzB5Jh3FQ1PgcMmUfcPSQHKFgNHB5cw== + - M8BsbPNg6JPvGWu1PlT0Pyv6lVgFrE9URhwnN215kPDxeDUhmL4KDA== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P3 X-Arequestid: - - 3a4456a163ee6352652f931468a4b203 + - f90b26e068979b5ae9420c34a55ad1d0 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5036,32 +5236,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:02.884+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:27.082+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* High *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -5071,9 +5271,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
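Review bot: The re-recorded response body in this hunk commits the recording user's `emailAddress`, `displayName`, `accountId` and gravatar URL inside the `creator` and `reporter` objects, and the header hunks around it repeat the same account id in `X-Aaccountid`. The previous recording held the same kind of data for a different user, so this looks like a property of how the cassette is recorded, not something this change introduced. If these fixtures are recorded with vcrpy (the `interactions:` layout suggests it, but the recording setup is not visible in this diff), a `before_record_response` hook could rewrite those fields to fixed, constructed placeholders such as `"emailAddress":"jira-test@example.invalid"`. That would keep personal identifiers out of the repository and make future re-recordings produce smaller diffs. Before scrubbing, confirm that no test asserts on these values.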
@@ -5083,12 +5283,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 81400ede-dfb8-4fff-bf59-8375f44b68f1 + - 4eae537c-d355-44a8-8f77-be67905c5cf4 Atl-Traceid: - - 81400ededfb84fffbf598375f44b68f1 + - 4eae537cd35544a88f77be67905c5cf4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5098,7 +5298,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:04 GMT + - Tue, 04 Nov 2025 18:02:27 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5108,7 +5308,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=418,atl-edge;dur=415,atl-edge-internal;dur=16,atl-edge-upstream;dur=400,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="7vGXiscnEnA9waYEk87A_4bEN7CAGHgDHCurc6g7SeM_ivZYLEGnjQ==",cdn-downstream-fbl;dur=421 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=340,atl-edge;dur=317,atl-edge-internal;dur=16,atl-edge-upstream;dur=301,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="NPfl8EGZ9a4ePeNO1bYPwYn4tU5OA3NXHpVl7w9WDJvJaHGH_OnJKQ==",cdn-downstream-fbl;dur=344 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5118,15 +5318,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8ccca629f0b1ca48e2e69a056f61f9a6.cloudfront.net (CloudFront) + - 1.1 f0a2a95cb4d25b2414a9c1a7a754943e.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 7vGXiscnEnA9waYEk87A_4bEN7CAGHgDHCurc6g7SeM_ivZYLEGnjQ== + - NPfl8EGZ9a4ePeNO1bYPwYn4tU5OA3NXHpVl7w9WDJvJaHGH_OnJKQ== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P2 X-Arequestid: - - a33acb96444771ae4835f221cb178a85 + - 4b013436975334dac71b5a4a95663298 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5152,17 +5356,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/transitions + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/transitions response: body: string: '' headers: Atl-Request-Id: - - bf37831a-8101-4755-8586-7a191ff86cf9 + - e318c0b2-404d-418a-ad27-51c03002fc80 Atl-Traceid: - - bf37831a8101475585867a191ff86cf9 + - e318c0b2404d418aad2751c03002fc80 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5170,7 +5374,7 @@ interactions: Content-Type: - text/html;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:06 GMT + - Tue, 04 Nov 2025 18:02:28 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -5180,7 +5384,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=632,atl-edge;dur=630,atl-edge-internal;dur=15,atl-edge-upstream;dur=614,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="0r0FbsOpbohvxvYT9LOyS-t5EaeynQyAKYw5Pef7IukRNR85RiMKdA==",cdn-downstream-fbl;dur=637 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=699,atl-edge;dur=675,atl-edge-internal;dur=18,atl-edge-upstream;dur=658,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="IR71YWtovfyr_it1N_h3rU9HL4Zc7X63-R6GTE6z5da29SvZGcvxNw==",cdn-downstream-fbl;dur=702 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -5188,15 +5392,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 59304f445e251c540e46633ed3dd4f64.cloudfront.net (CloudFront) + - 1.1 b5a2e617d7392a245dec0250ae9c6002.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 0r0FbsOpbohvxvYT9LOyS-t5EaeynQyAKYw5Pef7IukRNR85RiMKdA== + - IR71YWtovfyr_it1N_h3rU9HL4Zc7X63-R6GTE6z5da29SvZGcvxNw== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P3 X-Arequestid: - - d27ea474430cd26e2752a742e9053729 + - c29c3ac0da5eb8b4309793ef9f63c36f + X-Beta-Ratelimit-Limit: + - '200' + X-Beta-Ratelimit-Remaining: + - '199' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5220,17 +5428,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:07.184+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:28.855+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 30cd79c4-8c53-4bd8-a25a-4758b1592ab6 + - 76b4e1d5-a31b-464c-94ae-60353561bde4 Atl-Traceid: - - 30cd79c48c534bd8a25a4758b1592ab6 + - 76b4e1d5a31b464c94ae60353561bde4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5240,7 +5448,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:07 GMT + - Tue, 04 Nov 2025 18:02:28 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5250,7 +5458,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=326,atl-edge;dur=325,atl-edge-internal;dur=14,atl-edge-upstream;dur=311,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="ieqvJFIAds223mz3kxdijPb-wv2KRDH2F3ivEWFXa5IvOq9_rxEx6w==",cdn-downstream-fbl;dur=330 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=266,atl-edge;dur=176,atl-edge-internal;dur=23,atl-edge-upstream;dur=153,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="0cHjzpUYaf1RmN2UfXsV1qVWcpC3AqAQKLWo1i4UwGXp8DzStFIOaA==",cdn-downstream-fbl;dur=269 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5260,15 +5468,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3437ef72cec711eb0ebed9222a22cf66.cloudfront.net (CloudFront) + - 1.1 99f4e9fd554682341f34ffd484d44998.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - ieqvJFIAds223mz3kxdijPb-wv2KRDH2F3ivEWFXa5IvOq9_rxEx6w== + - 0cHjzpUYaf1RmN2UfXsV1qVWcpC3AqAQKLWo1i4UwGXp8DzStFIOaA== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P1 X-Arequestid: - - cb0ac526daf0af7c5259caa3be993c0e + - 69984953ed411b7b0aa2ea595befc83f + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5292,31 +5504,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:05.748+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:28.160+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* High *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -5326,9 +5538,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -5338,12 +5550,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - e2325969-ac02-47b1-bd45-4198f3584c22 + - 85062ccd-d61a-4d7a-8136-14e7e49c427c Atl-Traceid: - - e2325969ac0247b1bd454198f3584c22 + - 85062ccdd61a4d7a813614e7e49c427c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5353,7 +5565,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:08 GMT + - Tue, 04 Nov 2025 18:02:29 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5363,7 +5575,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=437,atl-edge;dur=434,atl-edge-internal;dur=16,atl-edge-upstream;dur=419,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="WWJvCeTLXDWUpENBi8zaLSq0DDqktQ5yiqcuh1r4z_yoFLPa7uVLpA==",cdn-downstream-fbl;dur=441 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=430,atl-edge;dur=339,atl-edge-internal;dur=20,atl-edge-upstream;dur=317,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="P_u679crHqEzpRwu3Z6uz8bDrSJgqFr9HjFTKAHrYfeIP9wFw74aIA==",cdn-downstream-fbl;dur=433 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5373,15 +5585,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 00f0469d54a973389150a36c64065326.cloudfront.net (CloudFront) + - 1.1 f0ef5666a43050928ff9758d51713e72.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - WWJvCeTLXDWUpENBi8zaLSq0DDqktQ5yiqcuh1r4z_yoFLPa7uVLpA== + - P_u679crHqEzpRwu3Z6uz8bDrSJgqFr9HjFTKAHrYfeIP9wFw74aIA== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P1 X-Arequestid: - - 32f78d7b37ce2fde2a6f0741cc0bd59f + - ddfeb3714c3598a803d35afe890aa0f2 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5405,17 +5621,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:09.687+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:29.670+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - cc256628-176c-4aa2-ab1d-971adbcf397e + - 0ea5aafc-2b64-46e2-a588-b4d7d70bd5a5 Atl-Traceid: - - cc256628176c4aa2ab1d971adbcf397e + - 0ea5aafc2b6446e2a588b4d7d70bd5a5 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5425,7 +5641,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:09 GMT + - Tue, 04 Nov 2025 18:02:29 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5435,7 +5651,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=328,atl-edge;dur=322,atl-edge-internal;dur=14,atl-edge-upstream;dur=308,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="ce3ctW-5-8CBNlZdjWfGm5XLeyvcFndBRZo0dYLQlQuS9f9vahsrmw==",cdn-downstream-fbl;dur=332 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=198,atl-edge;dur=175,atl-edge-internal;dur=14,atl-edge-upstream;dur=160,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="hm1eeI7e3RynwJYjjKvAf5FCmMsa5OWana5C6u_NXxV_jp2OpjPekA==",cdn-downstream-fbl;dur=201 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5445,15 +5661,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 82008a7e089b84e7f0a6d8d139a4e3de.cloudfront.net (CloudFront) + - 1.1 da745b01c27611dac38d175371cb7b54.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - ce3ctW-5-8CBNlZdjWfGm5XLeyvcFndBRZo0dYLQlQuS9f9vahsrmw== + - hm1eeI7e3RynwJYjjKvAf5FCmMsa5OWana5C6u_NXxV_jp2OpjPekA== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P2 X-Arequestid: - - eb80aa691e1c7ea8db1479c96fe6257c + - 3ed200499a43fc519641aa2dd72fbaf2 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5477,31 +5697,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:05.748+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:28.160+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* High *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -5511,9 +5731,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
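Review bot: The re-recorded issue response added in this hunk commits a real account's `emailAddress`, `accountId` and Gravatar avatar hash verbatim in the `creator` and `reporter` objects. The same body is repeated in the earlier issue-fetch interaction, and the `X-Aaccountid` header hunks now carry the same account id. This looks like a recorded HTTP fixture rather than hand-written YAML, so the fix belongs in the recorder configuration, which is not visible here: replace those fields with labelled placeholders before the cassette is written, for example through a response-scrubbing hook such as vcrpy's `before_record_response`, if that is the recorder in use. It is also worth confirming that request-side credentials such as an `Authorization` header are filtered at record time, since only `Content-Type` and `User-Agent` are visible among the request headers in these hunks.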
@@ -5523,12 +5743,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 61ccfa73-717f-4072-9472-163f7a80f192 + - 2ed7b440-b994-467f-9323-aa4bcad1e65e Atl-Traceid: - - 61ccfa73717f40729472163f7a80f192 + - 2ed7b440b994467f9323aa4bcad1e65e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5538,7 +5758,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:11 GMT + - Tue, 04 Nov 2025 18:02:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5548,7 +5768,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=407,atl-edge;dur=405,atl-edge-internal;dur=17,atl-edge-upstream;dur=386,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="oF1l-2irq1VoYqMdL13w4yEX7wmDRiG8_xwopPO9oXZm5POuBNz84Q==",cdn-downstream-fbl;dur=411 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=308,atl-edge;dur=283,atl-edge-internal;dur=17,atl-edge-upstream;dur=267,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="Qy8aJ2Wbzi0R46MhwPjsDT0vqRGdejoHowouTYwUanEJ7Fi4NoPpkQ==",cdn-downstream-fbl;dur=312 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5558,15 +5778,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3e4f9c0400441c93ce3468dd26ef9ee4.cloudfront.net (CloudFront) + - 1.1 1a5bcf25cf6144683736a6579a7fb98e.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - oF1l-2irq1VoYqMdL13w4yEX7wmDRiG8_xwopPO9oXZm5POuBNz84Q== + - Qy8aJ2Wbzi0R46MhwPjsDT0vqRGdejoHowouTYwUanEJ7Fi4NoPpkQ== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P2 X-Arequestid: - - c1772ea9b8f14e4c17e8b1299c80f57f + - bcdd2be845605b1af6e83a93d85706d1 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5590,17 +5814,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:12.223+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:30.412+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - ab5e7821-b9e9-4f0d-85da-976006f76182 + - dc8a785e-7f1a-4ed3-8f3b-a44e6cc0d9f0 Atl-Traceid: - - ab5e7821b9e94f0d85da976006f76182 + - dc8a785e7f1a4ed38f3ba44e6cc0d9f0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5610,7 +5834,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:12 GMT + - Tue, 04 Nov 2025 18:02:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5620,7 +5844,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=328,atl-edge;dur=326,atl-edge-internal;dur=13,atl-edge-upstream;dur=313,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="wlxgtAjN1p2_Y5y5rRiy1xViSFIl0MicFhmFAIqo6eLMTHwxaaIcPw==",cdn-downstream-fbl;dur=333 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=189,atl-edge;dur=167,atl-edge-internal;dur=14,atl-edge-upstream;dur=153,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="hXD5-bcewdUjjXxgpMsngfnZa31qeEQo8u7qeeI4cawgXXo5_kGFCA==",cdn-downstream-fbl;dur=193 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5630,15 +5854,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e6e7ea42488c65b080113b45f9cdebb4.cloudfront.net (CloudFront) + - 1.1 9379390e7d447e1d911f7741c8ae2f24.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - wlxgtAjN1p2_Y5y5rRiy1xViSFIl0MicFhmFAIqo6eLMTHwxaaIcPw== + - hXD5-bcewdUjjXxgpMsngfnZa31qeEQo8u7qeeI4cawgXXo5_kGFCA== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN52-P1 X-Arequestid: - - f3ccb2ed019adea7ce5dda70d811082c + - 4c87fd04b308864ca1f62aab6b4ca418 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '347' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5662,31 +5890,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:05.748+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:28.160+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* High *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -5696,9 +5924,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
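Review bot: The re-recorded issue body in this hunk commits the recording user's `emailAddress`, `accountId`, `displayName` and gravatar hash (in the `creator` and `reporter` objects), and the `X-Aaccountid` response header in the neighbouring hunks repeats the same account id. The previous recording did the same for a different user, so each re-record publishes whoever ran it. If the tests do not assert on these fields, replace them at record time with fixed placeholders. Assuming the cassette is written by vcrpy, which the `interactions:` layout suggests, a `before_record_response` hook can rewrite the body and response headers, and `filter_headers` covers request headers. The request header block of each interaction starts outside these hunks, so it cannot be seen from here whether `Authorization` is already filtered; that is worth confirming in the full file.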
@@ -5708,12 +5936,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - d76f68f8-1644-400e-9b45-c19447794008 + - ef4afb82-570f-4e40-907f-d3e3f4ac01f8 Atl-Traceid: - - d76f68f81644400e9b45c19447794008 + - ef4afb82570f4e40907fd3e3f4ac01f8 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5723,7 +5951,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:13 GMT + - Tue, 04 Nov 2025 18:02:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5733,7 +5961,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=450,atl-edge;dur=448,atl-edge-internal;dur=20,atl-edge-upstream;dur=426,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="hpFST4gTmPiWY_ZuXU776uqtfLcJ5_PvH7fGjyP-4VHi00twq0S-fQ==",cdn-downstream-fbl;dur=453 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=298,atl-edge;dur=275,atl-edge-internal;dur=16,atl-edge-upstream;dur=259,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="Eey6fhnPCtbAksd0SHoiuMOPIrIJZ3QvuTZf_kaCxf81JCuIu6bDRg==",cdn-downstream-fbl;dur=301 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5743,15 +5971,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 cc5461804f39ae1b3956b0f75ed048ce.cloudfront.net (CloudFront) + - 1.1 db28001b9bfb563d1bfcaccd38c4436a.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - hpFST4gTmPiWY_ZuXU776uqtfLcJ5_PvH7fGjyP-4VHi00twq0S-fQ== + - Eey6fhnPCtbAksd0SHoiuMOPIrIJZ3QvuTZf_kaCxf81JCuIu6bDRg== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P1 X-Arequestid: - - b4b5f2a52eec893e2ccf8eff75a9a9a9 + - 4a65143fd32e1fb94325d3d02b65f1b3 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -5775,7 +6007,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -5789,9 +6021,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - f44659d7-4b03-4f92-9aa1-49d40a6bb2c3 + - 26d68e00-fc97-4615-8c36-35fc6eb20bd4 Atl-Traceid: - - f44659d74b034f929aa149d40a6bb2c3 + - 26d68e00fc9746158c3635fc6eb20bd4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5801,7 +6033,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:15 GMT + - Tue, 04 Nov 2025 18:02:31 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -5811,7 +6043,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=495,atl-edge;dur=488,atl-edge-internal;dur=14,atl-edge-upstream;dur=474,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="kf1934QhBnHiCA0VJlgxA-tUUp9ypGZ1Z0wkPRWa4JRciHRl5uRn0A==",cdn-downstream-fbl;dur=499 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=367,atl-edge;dur=342,atl-edge-internal;dur=19,atl-edge-upstream;dur=324,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="qqGsJCw07be3XxAxHmleKdXeyaaYfHzftA96yWBHzgeefUuQlTO9EQ==",cdn-downstream-fbl;dur=371 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -5821,18 +6053,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b96ad58427ffff8b9d3959350f8c9f16.cloudfront.net (CloudFront) + - 1.1 272eaf2883bb602816447bd7132021d2.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - kf1934QhBnHiCA0VJlgxA-tUUp9ypGZ1Z0wkPRWa4JRciHRl5uRn0A== + - qqGsJCw07be3XxAxHmleKdXeyaaYfHzftA96yWBHzgeefUuQlTO9EQ== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P1 X-Arequestid: - - bee7d2e295024835e7a21e2acfbb1dce + - b59f40b78e4805b78dc498f71f2d354a + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5846,20 +6082,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* Medium *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -5869,8 +6105,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n *CWE:* + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -5894,17 +6130,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - f02be48b-5d7f-465c-b9f5-8a5ff38c5ae7 + - 13a948f5-f71b-4862-9552-c33a25c0439a Atl-Traceid: - - f02be48b5d7f465cb9f58a5ff38c5ae7 + - 13a948f5f71b48629552c33a25c0439a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5912,7 +6148,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:16 GMT + - Tue, 04 Nov 2025 18:02:32 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -5922,7 +6158,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=700,atl-edge;dur=697,atl-edge-internal;dur=15,atl-edge-upstream;dur=681,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="ov56-66LB7eHtH8tKi3qAJrliv2cjrVG5cfJGPa1NG5G3Vmnuwz03A==",cdn-downstream-fbl;dur=704 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=560,atl-edge;dur=536,atl-edge-internal;dur=17,atl-edge-upstream;dur=520,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="G_nlrRB-sJiE1FRGZKzb9-SDjnLhxEHBZGxZThGVXO5FwA9YXoy_Ow==",cdn-downstream-fbl;dur=565 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -5930,15 +6166,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 4682ab309f4f72758d209c996a38d094.cloudfront.net (CloudFront) + - 1.1 9062d4391fad2aec3a7d6f3edcebc662.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - ov56-66LB7eHtH8tKi3qAJrliv2cjrVG5cfJGPa1NG5G3Vmnuwz03A== + - G_nlrRB-sJiE1FRGZKzb9-SDjnLhxEHBZGxZThGVXO5FwA9YXoy_Ow== X-Amz-Cf-Pop: - - SYD3-P2 + - DEN53-P2 X-Arequestid: - - 8bca410ec14b4d5960f61f22f4e21125 + - f3a36fc91e1f81cbe921f0cbd84eaf37 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5962,31 +6202,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:16.303+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:31.787+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* Medium *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -5996,8 +6236,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -6008,12 +6248,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - f2bb83a7-fcad-408b-992c-8965df074531 + - 0c38a635-3b3e-4910-9c5d-2f6a1c4cc2a3 Atl-Traceid: - - f2bb83a7fcad408b992c8965df074531 + - 0c38a6353b3e49109c5d2f6a1c4cc2a3 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6023,7 +6263,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:17 GMT + - Tue, 04 Nov 2025 18:02:32 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6033,7 +6273,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=415,atl-edge;dur=413,atl-edge-internal;dur=16,atl-edge-upstream;dur=397,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="cuBJur0jYF5Sz6orVCcBpV7XgdNGnYrF17hRd9gQ0f_JLJPUfFKZYg==",cdn-downstream-fbl;dur=420 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=259,atl-edge;dur=236,atl-edge-internal;dur=16,atl-edge-upstream;dur=220,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="Xiw3f1mCwgx6460JhWRmS5qzMM_ICjpNWNWUnO1U3a52_vIGhNlNLQ==",cdn-downstream-fbl;dur=263 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6043,15 +6283,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 4ab519b4cd27a1b8a4b258d7f39bbc7e.cloudfront.net (CloudFront) + - 1.1 98d9402866aa771c6e6bbecb98c200aa.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - cuBJur0jYF5Sz6orVCcBpV7XgdNGnYrF17hRd9gQ0f_JLJPUfFKZYg== + - Xiw3f1mCwgx6460JhWRmS5qzMM_ICjpNWNWUnO1U3a52_vIGhNlNLQ== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P1 X-Arequestid: - - a27a5e0f41ae92f4fda04e384837f4b9 + - a3a53d0a7e425f419a7174ea00993c37 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6075,17 +6319,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:18.996+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:32.594+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 93436a4d-e21f-46c2-9504-7bd393ed51bd + - f896cac3-c253-4eff-a552-e3465f3b8464 Atl-Traceid: - - 93436a4de21f46c295047bd393ed51bd + - f896cac3c2534effa552e3465f3b8464 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6095,7 +6339,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:19 GMT + - Tue, 04 Nov 2025 18:02:32 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6105,7 +6349,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=311,atl-edge;dur=310,atl-edge-internal;dur=12,atl-edge-upstream;dur=297,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="Bdg8X8QplHvORUIRCFwu3B46RW87UxYNAD6dUq3PLsXuliiqdAoanA==",cdn-downstream-fbl;dur=315 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=202,atl-edge;dur=177,atl-edge-internal;dur=19,atl-edge-upstream;dur=160,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="W5cGxk-h4odaQxyMDqhKlF9wwqCPm0MV9su9qQjvj4zbL5imSb7j0w==",cdn-downstream-fbl;dur=205 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6115,15 +6359,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 ddbdc753f03fb9542b090928fc2d074a.cloudfront.net (CloudFront) + - 1.1 d18c8670421cff5c9fa297b260cb2814.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - Bdg8X8QplHvORUIRCFwu3B46RW87UxYNAD6dUq3PLsXuliiqdAoanA== + - W5cGxk-h4odaQxyMDqhKlF9wwqCPm0MV9su9qQjvj4zbL5imSb7j0w== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P2 X-Arequestid: - - cedf3130752c69bb6bfec1b1de700232 + - 6863671811f04aede958d531f927fc9b + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6147,31 +6395,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:16.303+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:31.787+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* Medium *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -6181,8 +6429,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -6193,12 +6441,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - cb991777-76b6-4375-b9e7-8652e1e90ee9 + - 1568bced-3eeb-443f-abf4-67c78967c96f Atl-Traceid: - - cb99177776b64375b9e78652e1e90ee9 + - 1568bced3eeb443fabf467c78967c96f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6208,7 +6456,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:20 GMT + - Tue, 04 Nov 2025 18:02:33 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6218,7 +6466,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=428,atl-edge;dur=427,atl-edge-internal;dur=17,atl-edge-upstream;dur=409,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="zMQy3jJ641KThoVTrpgFW-Dt67aR7PN3k1hRvcqnjQK019Z9Jl6RzQ==",cdn-downstream-fbl;dur=433 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=308,atl-edge;dur=285,atl-edge-internal;dur=18,atl-edge-upstream;dur=267,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="Zmh-PTuHoi8Wz9yaxe3JQqsS1gucXJ0zR_BNggfl_y04kQ737GiKwg==",cdn-downstream-fbl;dur=312 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6228,15 +6476,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3d26345933183b6a437e0f8ba3c37df8.cloudfront.net (CloudFront) + - 1.1 86b6aab4b36e97123c5f76cc2e3ac8ec.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - zMQy3jJ641KThoVTrpgFW-Dt67aR7PN3k1hRvcqnjQK019Z9Jl6RzQ== + - Zmh-PTuHoi8Wz9yaxe3JQqsS1gucXJ0zR_BNggfl_y04kQ737GiKwg== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P1 X-Arequestid: - - 8bb6d96117d6cc9b4f67f0ec8e126b04 + - 1574c10e7f6fb37c538e545415c4bdd8 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
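Review bot: The re-recorded `X-Aaccountid` value in this hunk (`5d3878b170e3c90c952f91f6`) is the recording user's Atlassian account id, and the response bodies in the neighbouring hunks pair the same id with that user's `emailAddress` and gravatar avatar URLs. Nothing visible here suggests replay depends on these values, so I would scrub them at record time rather than commit personal identifiers to the repository. If these cassettes are produced by vcrpy, a `before_record_response` hook can replace the header and the `creator`/`reporter` fields with fixed placeholders (`filter_headers` only covers request headers). The same header recurs in the `@@ -6300,15 +6552,19 @@`, `@@ -6413,15 +6669,19 @@` and `@@ -6485,15 +6745,19 @@` hunks. The added `X-Beta-Ratelimit-*` counters are harmless, but they change on every re-record and could be dropped by the same hook to keep future diffs small.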
@@ -6260,17 +6512,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:21.535+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:33.308+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 48c68e59-ff64-4946-9a56-f9f5d8fd1966 + - 295e2098-a67e-4e03-844a-fc073a9000a4 Atl-Traceid: - - 48c68e59ff6449469a56f9f5d8fd1966 + - 295e2098a67e4e03844afc073a9000a4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6280,7 +6532,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:21 GMT + - Tue, 04 Nov 2025 18:02:33 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6290,7 +6542,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=344,atl-edge;dur=342,atl-edge-internal;dur=14,atl-edge-upstream;dur=329,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="IeVebs2HQlaZdB5sqM0Nsy4LdmKP-OpQWmsvw9NCY7AjHThmNbsUqw==",cdn-downstream-fbl;dur=348 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=268,atl-edge;dur=180,atl-edge-internal;dur=18,atl-edge-upstream;dur=159,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="5w4SsVzYCnEby_tzpIqXDOGfyOAiKRC2lRTWddWsv6lduT-A9No-PA==",cdn-downstream-fbl;dur=272 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6300,15 +6552,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e3d6764a647541ed814ff5842b8b1476.cloudfront.net (CloudFront) + - 1.1 9d0c0f607ed2753212b70ce75683881e.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - IeVebs2HQlaZdB5sqM0Nsy4LdmKP-OpQWmsvw9NCY7AjHThmNbsUqw== + - 5w4SsVzYCnEby_tzpIqXDOGfyOAiKRC2lRTWddWsv6lduT-A9No-PA== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P3 X-Arequestid: - - 302209279622f2e9ea01e1106667e9e1 + - 9f8a86f14c9aab40078ee3ccc6b383bc + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6332,31 +6588,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:16.303+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:31.787+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* Medium *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -6366,8 +6622,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -6378,12 +6634,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - bb6fe927-bb9f-4bd1-a81a-4090ec8dc0ff + - 32e21ec6-d322-48c1-9104-6a4b55975dc7 Atl-Traceid: - - bb6fe927bb9f4bd1a81a4090ec8dc0ff + - 32e21ec6d32248c191046a4b55975dc7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6393,7 +6649,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:22 GMT + - Tue, 04 Nov 2025 18:02:33 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6403,7 +6659,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=414,atl-edge;dur=411,atl-edge-internal;dur=15,atl-edge-upstream;dur=396,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="595hAZhQqjmcQBHd1Egqkm6ZHYTolXHMzywNsdhTNZHdz6WnFtTQ-A==",cdn-downstream-fbl;dur=419 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=310,atl-edge;dur=287,atl-edge-internal;dur=17,atl-edge-upstream;dur=270,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="S8JDi7gASAqQRgM9mClF2vcbWBlgDmU43jXkmvp6E3qqrfF9OUWEqg==",cdn-downstream-fbl;dur=314 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6413,15 +6669,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 7bda591fa44b42ef6384ae955fdd5d7c.cloudfront.net (CloudFront) + - 1.1 057707d7f80ca305efe5fad72e15b94c.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 595hAZhQqjmcQBHd1Egqkm6ZHYTolXHMzywNsdhTNZHdz6WnFtTQ-A== + - S8JDi7gASAqQRgM9mClF2vcbWBlgDmU43jXkmvp6E3qqrfF9OUWEqg== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P3 X-Arequestid: - - 91f326b1510687313bb3f3efa259ad63 + - c7eacd26c03d831698066a736bce84b1 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6445,17 +6705,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:24.066+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:34.077+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 1e14899d-fec7-4213-b71f-1b8fe90aa415 + - 06dbdc39-0311-47f8-b906-d9fd82535f8d Atl-Traceid: - - 1e14899dfec74213b71f1b8fe90aa415 + - 06dbdc39031147f8b906d9fd82535f8d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6465,7 +6725,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:24 GMT + - Tue, 04 Nov 2025 18:02:34 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6475,7 +6735,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=333,atl-edge;dur=329,atl-edge-internal;dur=14,atl-edge-upstream;dur=315,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="nVFu2RBdrP-ld85Vbk3Fw2EMtu0hCjboSsqYDDXjKQ7J1PiXwE-l6g==",cdn-downstream-fbl;dur=336 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=202,atl-edge;dur=179,atl-edge-internal;dur=16,atl-edge-upstream;dur=164,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="GOYaMNJjoXVZli20mbVW0g3t8lc73E_GRlEF9aQQBl__IfezzmDZ0A==",cdn-downstream-fbl;dur=207 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6485,15 +6745,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a97b28e298ec5907aa1d86d22bc232a0.cloudfront.net (CloudFront) + - 1.1 b1a94c3ca6429736112e2213a359c78a.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - nVFu2RBdrP-ld85Vbk3Fw2EMtu0hCjboSsqYDDXjKQ7J1PiXwE-l6g== + - GOYaMNJjoXVZli20mbVW0g3t8lc73E_GRlEF9aQQBl__IfezzmDZ0A== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P3 X-Arequestid: - - 3790b3e665db34ced97b98233f3121ee + - 166986c9991bdf435aff80675b7f872b + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '347' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6517,31 +6781,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:16.303+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:31.787+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* Medium *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -6551,8 +6815,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -6563,12 +6827,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 7cb7785a-9135-4343-a23f-d17b9347d600 + - 28b2cda1-0c97-4c69-80ca-3a86d6495f8b Atl-Traceid: - - 7cb7785a91354343a23fd17b9347d600 + - 28b2cda10c974c6980ca3a86d6495f8b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6578,7 +6842,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:25 GMT + - Tue, 04 Nov 2025 18:02:34 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6588,7 +6852,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=411,atl-edge;dur=407,atl-edge-internal;dur=15,atl-edge-upstream;dur=392,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="9YWH1fQ6-XnCRHGsSa90zsK2QCp2Ewyx-MKEdiPL8uXKKcNArbxVhQ==",cdn-downstream-fbl;dur=415 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=281,atl-edge;dur=258,atl-edge-internal;dur=16,atl-edge-upstream;dur=242,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="30aCFrMyTvzA6QXBfYx1ZW4LjaiDACISKsHmdH3EGQRcsP7SHVqevg==",cdn-downstream-fbl;dur=285 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6598,15 +6862,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9f543b41d91998db89601c7fae0f18c2.cloudfront.net (CloudFront) + - 1.1 b1a94c3ca6429736112e2213a359c78a.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 9YWH1fQ6-XnCRHGsSa90zsK2QCp2Ewyx-MKEdiPL8uXKKcNArbxVhQ== + - 30aCFrMyTvzA6QXBfYx1ZW4LjaiDACISKsHmdH3EGQRcsP7SHVqevg== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P3 X-Arequestid: - - 55c1f48c7fddfc0efb6ce1119c473814 + - 8d37bcebb95e3160bd9dae0333c3900b + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '396' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -6630,7 +6898,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -6644,9 +6912,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 860e22e3-b6f7-4539-b2af-9f9444789bd1 + - 5cb85511-2e94-43ba-bc7e-cb4c1c56d866 Atl-Traceid: - - 860e22e3b6f74539b2af9f9444789bd1 + - 5cb855112e9443babc7ecb4c1c56d866 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6656,7 +6924,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:26 GMT + - Tue, 04 Nov 2025 18:02:34 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -6666,7 +6934,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=504,atl-edge;dur=502,atl-edge-internal;dur=14,atl-edge-upstream;dur=487,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="d8uY-VdXj-N6zj97EaHn-2slpA9E70yQ21SmgsNyGrj6W2EBoqAYxQ==",cdn-downstream-fbl;dur=507 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=323,atl-edge;dur=300,atl-edge-internal;dur=16,atl-edge-upstream;dur=283,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="UTnXXrNGyq-Ixf3YtPiPvKLHb172wh3ukKpTHeJ5P0ctQRjI4F7gPg==",cdn-downstream-fbl;dur=326 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -6676,18 +6944,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9478009849c2f6b9551c4c5c23842910.cloudfront.net (CloudFront) + - 1.1 66b4cf5fe1131d403a242f2f9f334158.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - d8uY-VdXj-N6zj97EaHn-2slpA9E70yQ21SmgsNyGrj6W2EBoqAYxQ== + - UTnXXrNGyq-Ixf3YtPiPvKLHb172wh3ukKpTHeJ5P0ctQRjI4F7gPg== X-Amz-Cf-Pop: - - SYD3-P2 + - DEN52-P3 X-Arequestid: - - a3600f900a676b3a32dc23ec383b70d8 + - a069f61a8ac5604f7792c5ba426a342f + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6701,20 +6973,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -6724,8 +6996,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n *CWE:* + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -6745,21 +7017,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3531' + - '3530' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - ec26d2f8-f396-4d20-812c-cd4f8ba07231 + - ac6e0b47-49a9-46db-a88c-1c9b8c8714b2 Atl-Traceid: - - ec26d2f8f3964d20812ccd4f8ba07231 + - ac6e0b4749a946dba88c1c9b8c8714b2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6767,7 +7039,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:28 GMT + - Tue, 04 Nov 2025 18:02:35 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -6777,7 +7049,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=710,atl-edge;dur=707,atl-edge-internal;dur=15,atl-edge-upstream;dur=692,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="Z_0Onz-4EAW-0Pm8K9BgFcF-V_POpqKjP5jAZuVZo_Mbi65kGMN1-w==",cdn-downstream-fbl;dur=713 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=779,atl-edge;dur=755,atl-edge-internal;dur=18,atl-edge-upstream;dur=737,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="irL834izS-OYI0_8uL515V7w_BLDXG2LymmClVTiSFH2U5AC3jZx1w==",cdn-downstream-fbl;dur=784 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -6785,15 +7057,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2e2023905a055fb3a137d4ecfec97d0e.cloudfront.net (CloudFront) + - 1.1 a7c0ba01db75946f7df3f7eaf69984b6.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - Z_0Onz-4EAW-0Pm8K9BgFcF-V_POpqKjP5jAZuVZo_Mbi65kGMN1-w== + - irL834izS-OYI0_8uL515V7w_BLDXG2LymmClVTiSFH2U5AC3jZx1w== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN52-P2 X-Arequestid: - - 16beae5fd4d5a4a2694940d03f18fcf9 + - 0b99efe7925c20669d0dde45dd27eef4 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6817,31 +7093,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:28.106+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:35.656+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -6851,8 +7127,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -6863,12 +7139,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - f192d8c3-df4e-4b67-8248-f41d77c1c341 + - c4cee2ba-8ec5-4981-82db-dbff0edc2657 Atl-Traceid: - - f192d8c3df4e4b678248f41d77c1c341 + - c4cee2ba8ec5498182dbdbff0edc2657 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6878,7 +7154,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:29 GMT + - Tue, 04 Nov 2025 18:02:36 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6888,7 +7164,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=425,atl-edge;dur=423,atl-edge-internal;dur=16,atl-edge-upstream;dur=407,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="jEEwB4sLvUL_pRnhb5CM-ttXTqIbtsFJ1Sgql2nE4aovDNDkkKDxCA==",cdn-downstream-fbl;dur=428 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=272,atl-edge;dur=249,atl-edge-internal;dur=17,atl-edge-upstream;dur=232,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="IEFnfQxZL_y0ZHrTyPdPAyUstPTMb7PdW8rqvbT45w0xgF-EB11lPQ==",cdn-downstream-fbl;dur=276 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6898,15 +7174,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 59067266959db6ef629f60366c4dee48.cloudfront.net (CloudFront) + - 1.1 befcfd7ee847a3c890471f27612dbcde.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - jEEwB4sLvUL_pRnhb5CM-ttXTqIbtsFJ1Sgql2nE4aovDNDkkKDxCA== + - IEFnfQxZL_y0ZHrTyPdPAyUstPTMb7PdW8rqvbT45w0xgF-EB11lPQ== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P2 X-Arequestid: - - 71ce21f341826f1ccc9af2da7e9a1a65 + - ee30362c6c652b26dbe77bbd8a8e1226 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6932,17 +7212,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/transitions + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/transitions response: body: string: '' headers: Atl-Request-Id: - - 3eb1cbc5-968c-4de6-9e70-1afc25968bb4 + - 88795a8f-0446-4486-8b01-94aa6086d89d Atl-Traceid: - - 3eb1cbc5968c4de69e701afc25968bb4 + - 88795a8f044644868b0194aa6086d89d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6950,7 +7230,7 @@ interactions: Content-Type: - text/html;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:31 GMT + - Tue, 04 Nov 2025 18:02:36 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -6960,7 +7240,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=614,atl-edge;dur=609,atl-edge-internal;dur=15,atl-edge-upstream;dur=594,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="CsZOpBptDzkIbsZobAq4r0rYv-F_qUU8UUxqn65VQYTwh1Tz0_opug==",cdn-downstream-fbl;dur=617 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=594,atl-edge;dur=501,atl-edge-internal;dur=21,atl-edge-upstream;dur=481,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="hinoF4kJkunQNqxVpGq9aYFk_kOPIredaUFg1TdQ0U1lA8Ha5PuFzA==",cdn-downstream-fbl;dur=598 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -6968,15 +7248,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2a6cd2383f2f70d74f5acfbb719135b8.cloudfront.net (CloudFront) + - 1.1 d7b3fa0ef559ab3ac226fc78e47d311a.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - CsZOpBptDzkIbsZobAq4r0rYv-F_qUU8UUxqn65VQYTwh1Tz0_opug== + - hinoF4kJkunQNqxVpGq9aYFk_kOPIredaUFg1TdQ0U1lA8Ha5PuFzA== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P1 X-Arequestid: - - 60a6b34fa410f27f9f9e05ac695f6ecf + - c88049880f993932b4f9398331d24f97 + X-Beta-Ratelimit-Limit: + - '200' + X-Beta-Ratelimit-Remaining: + - '199' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7000,17 +7284,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:32.364+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:37.119+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 618a7a64-03be-48b8-8d9d-739ac89ec899 + - 2771b662-4b46-499a-aaf3-2ffb6229ca81 Atl-Traceid: - - 618a7a6403be48b88d9d739ac89ec899 + - 2771b6624b46499aaaf32ffb6229ca81 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7020,7 +7304,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:32 GMT + - Tue, 04 Nov 2025 18:02:37 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7030,7 +7314,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=358,atl-edge;dur=353,atl-edge-internal;dur=15,atl-edge-upstream;dur=337,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="2f-Z0Vn7BaLIkqBenmNJ1qJ0I6_JEIrj7W3oHJcX1lqhkHESqbrsow==",cdn-downstream-fbl;dur=362 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=201,atl-edge;dur=177,atl-edge-internal;dur=17,atl-edge-upstream;dur=161,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="zWEDoTZAzfgL-0o_rHae_HfM387v5AsBKgmiDF8S6izbyT9IlNQ6TA==",cdn-downstream-fbl;dur=204 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7040,15 +7324,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b39f0409e845bde1b97cd11f1d544d4e.cloudfront.net (CloudFront) + - 1.1 3fddcbe99f78632bf14e5e80e6c14058.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 2f-Z0Vn7BaLIkqBenmNJ1qJ0I6_JEIrj7W3oHJcX1lqhkHESqbrsow== + - zWEDoTZAzfgL-0o_rHae_HfM387v5AsBKgmiDF8S6izbyT9IlNQ6TA== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P2 X-Arequestid: - - b54d49fdcf7fd373faf25050d4cdd82a + - 6d3bb40d7f6dc856eb5acf3c920edb4f + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7072,32 +7360,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:30.923+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:36.581+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:30.922+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:36.580+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -7107,8 +7395,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -7119,12 +7407,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 142d47d4-68b7-4bd2-95a7-43f40cd1052d + - 1c5abdf4-3914-4f5d-a876-4c4e68f8a09f Atl-Traceid: - - 142d47d468b74bd295a743f40cd1052d + - 1c5abdf439144f5da8764c4e68f8a09f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7134,7 +7422,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:33 GMT + - Tue, 04 Nov 2025 18:02:37 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7144,7 +7432,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=418,atl-edge;dur=416,atl-edge-internal;dur=14,atl-edge-upstream;dur=402,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="yMO1Lh51rWInQUC6hxUdPDPgvOsr6ktYwykw7kP_BbhkDxNc9qPoHQ==",cdn-downstream-fbl;dur=421 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=379,atl-edge;dur=287,atl-edge-internal;dur=20,atl-edge-upstream;dur=265,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="9cxUthhe0oOIKEM0V1U6EJk_8fcGOFqyjzLWHgRzC0VocNRmJHN9KQ==",cdn-downstream-fbl;dur=383 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7154,15 +7442,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3e61a2014e7d26249915c64513c0b4f2.cloudfront.net (CloudFront) + - 1.1 81c07f42f70c1aec766dc553e24f3864.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - yMO1Lh51rWInQUC6hxUdPDPgvOsr6ktYwykw7kP_BbhkDxNc9qPoHQ== + - 9cxUthhe0oOIKEM0V1U6EJk_8fcGOFqyjzLWHgRzC0VocNRmJHN9KQ== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P1 X-Arequestid: - - 0c328a5f428f4803e5bc6162e4cfc0e9 + - 835607e3053047c761aa5c91f7e0a434 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
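Review bot: The re-recorded `X-Aaccountid` header in the `@@ -7154,15 +7442,19 @@` hunk now stores a bare account id (`5d3878b170e3c90c952f91f6`). The response bodies re-recorded in the neighbouring hunks also commit the creator's and reporter's `emailAddress`, `accountId` and gravatar URL. Nothing visible here suggests replay depends on the real values, so they could be replaced with fixed placeholders at record time; if these cassettes are written by vcrpy, a `before_record_response` hook is the usual place (to be confirmed against the test setup). The same hook could drop per-request headers such as `Atl-Request-Id`, `Atl-Traceid`, `X-Amz-Cf-Id`, `Server-Timing` and `Date`, which account for most of this diff and carry no test signal. The same applies to the other `X-Aaccountid` hunks (`@@ -7226,15 +7518,19 @@`, `@@ -7340,15 +7636,19 @@`, `@@ -7412,15 +7712,19 @@`); the enclosing interaction entries start and end outside these hunks.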
@@ -7186,17 +7478,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:34.833+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:37.910+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - df1d9a92-3007-4a77-8e14-7e049e41d575 + - 5b91aeac-74eb-4042-9faf-7ee67acafa0e Atl-Traceid: - - df1d9a9230074a778e147e049e41d575 + - 5b91aeac74eb40429faf7ee67acafa0e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7206,7 +7498,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:34 GMT + - Tue, 04 Nov 2025 18:02:37 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7216,7 +7508,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=323,atl-edge;dur=321,atl-edge-internal;dur=16,atl-edge-upstream;dur=306,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="_aa8seReyjY4Q9xnBWQK3idrX8nMwlxI9fX7yC4sVEyrMYZWkd1oew==",cdn-downstream-fbl;dur=327 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=262,atl-edge;dur=173,atl-edge-internal;dur=18,atl-edge-upstream;dur=154,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="w9HcJnW4ya4xOv-WC42GmXRHifLJNmmMsa7EIx-8zZhn5GO2sJETAw==",cdn-downstream-fbl;dur=265 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7226,15 +7518,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c44c600db483eb2098670fa47c16d840.cloudfront.net (CloudFront) + - 1.1 0ec4ee481d2d7e134f4c87a9b9fc4e06.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - _aa8seReyjY4Q9xnBWQK3idrX8nMwlxI9fX7yC4sVEyrMYZWkd1oew== + - w9HcJnW4ya4xOv-WC42GmXRHifLJNmmMsa7EIx-8zZhn5GO2sJETAw== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P2 X-Arequestid: - - e29d883ef0e105ca443d1f81780112ec + - 1f0f20862036e67e517c2ea31fb6bf8b + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7258,32 +7554,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:30.923+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:36.581+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:30.922+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:36.580+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -7293,8 +7589,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -7305,12 +7601,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 90e6857e-afb4-46c5-98aa-c6b22411c647 + - 3102e328-9341-48c0-87f1-fac846f0479f Atl-Traceid: - - 90e6857eafb446c598aac6b22411c647 + - 3102e328934148c087f1fac846f0479f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7320,7 +7616,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:36 GMT + - Tue, 04 Nov 2025 18:02:38 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7330,7 +7626,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=430,atl-edge;dur=428,atl-edge-internal;dur=14,atl-edge-upstream;dur=413,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="TrH92-xsGIhpkPxjnshiaI50r82dUkzOZzXH__n0fF7FIb3z97HiiQ==",cdn-downstream-fbl;dur=434 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=272,atl-edge;dur=249,atl-edge-internal;dur=17,atl-edge-upstream;dur=233,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="Q1yTY_KYiQGdw1sg51d9MDHhbpncBiQ5GIhnYq8sNAZSvT35nIWIHA==",cdn-downstream-fbl;dur=275 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7340,15 +7636,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 6eb4925a459e5104745cfd7f77596766.cloudfront.net (CloudFront) + - 1.1 be287e7673276d1e72db92a6f145d6f0.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - TrH92-xsGIhpkPxjnshiaI50r82dUkzOZzXH__n0fF7FIb3z97HiiQ== + - Q1yTY_KYiQGdw1sg51d9MDHhbpncBiQ5GIhnYq8sNAZSvT35nIWIHA== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P1 X-Arequestid: - - caa2dcecdf3d639f1145c994770919c0 + - 87efe3c9a1d9479690e8f6a2afc128de + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7372,17 +7672,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:37.493+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:38.634+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - a92d6525-f637-4578-a429-0bc3aacab9ac + - f09f13bb-6bff-4e89-b9b2-27496af5197e Atl-Traceid: - - a92d6525f6374578a4290bc3aacab9ac + - f09f13bb6bff4e89b9b227496af5197e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7392,7 +7692,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:37 GMT + - Tue, 04 Nov 2025 18:02:38 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7402,7 +7702,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=325,atl-edge;dur=323,atl-edge-internal;dur=14,atl-edge-upstream;dur=309,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="S9VD-wsJipitOgc74rj5qQigBcwEgjhVLk3wo0G9do61rDst6J6NsQ==",cdn-downstream-fbl;dur=328 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=194,atl-edge;dur=171,atl-edge-internal;dur=14,atl-edge-upstream;dur=157,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="yxQ51jK65LA7XZPIWd5HhQ-XmUXZS62bxZr7SnScQq_IXmUlcR-R-Q==",cdn-downstream-fbl;dur=199 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7412,15 +7712,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2db2695e7e4ed9660f2422e6ea5c01e4.cloudfront.net (CloudFront) + - 1.1 d1f45df4933065053cea3fd574dc6f20.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - S9VD-wsJipitOgc74rj5qQigBcwEgjhVLk3wo0G9do61rDst6J6NsQ== + - yxQ51jK65LA7XZPIWd5HhQ-XmUXZS62bxZr7SnScQq_IXmUlcR-R-Q== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P1 X-Arequestid: - - 27cdec19431783f2459745f27f8840a0 + - 7a28763ee8b48feccc860cc348673990 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '347' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -7444,7 +7748,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -7458,9 +7762,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 558cb70a-406b-4b35-b284-2748c7e33752 + - 9f121170-5613-49b2-9458-36faa4027b83 Atl-Traceid: - - 558cb70a406b4b35b2842748c7e33752 + - 9f121170561349b2945836faa4027b83 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7470,7 +7774,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:39 GMT + - Tue, 04 Nov 2025 18:02:39 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -7480,7 +7784,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=508,atl-edge;dur=507,atl-edge-internal;dur=19,atl-edge-upstream;dur=488,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="InwEorUHv5Mq8QQG8hUpNCE4Fg0lsF8_YS2pVQK5LgeHXUsahWqn5Q==",cdn-downstream-fbl;dur=512 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=377,atl-edge;dur=353,atl-edge-internal;dur=23,atl-edge-upstream;dur=325,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="rjavgbg41Lw3jUfrFCPvDVqm_0Kd6HGOUfIiAMaZRKUcB5-F7hWpsw==",cdn-downstream-fbl;dur=380 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -7490,18 +7794,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 00f0469d54a973389150a36c64065326.cloudfront.net (CloudFront) + - 1.1 88bce767af5e31f726ade38ea5253bd4.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - InwEorUHv5Mq8QQG8hUpNCE4Fg0lsF8_YS2pVQK5LgeHXUsahWqn5Q== + - rjavgbg41Lw3jUfrFCPvDVqm_0Kd6HGOUfIiAMaZRKUcB5-F7hWpsw== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P2 X-Arequestid: - - 0ed9cb8e7dc240b0707dd60d4bb5d3f4 + - 5d7b16c4113abcc24cb4933892410004 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7514,11 +7822,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Jira Api Test 2", "description": "\n\n\n\n\n\n\n*Title*: [Jira Api - Test 2|http://localhost:8080/finding/252]\n\n*Defect Dojo link:* http://localhost:8080/finding/252 - (252)\n\n*Severity:* Medium\n\n\n*Due Date:* Oct. 23, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + Test 2|http://localhost:8080/finding/240]\n\n*Defect Dojo link:* http://localhost:8080/finding/240 + (240)\n\n*Severity:* Medium\n\n\n*Due Date:* Feb. 2, 2026\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + / [NPM Audit Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header 
@@ -7537,21 +7845,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1445' + - '1444' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"21269","key":"NTEST-3090","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21269"}' + string: '{"id":"23616","key":"NTEST-3175","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616"}' headers: Atl-Request-Id: - - 3ff63dc5-ebcd-4ac4-a2c8-d5f24927ba42 + - 6b2750a9-1062-4dc5-b3ec-61f0097a0872 Atl-Traceid: - - 3ff63dc5ebcd4ac4a2c8d5f24927ba42 + - 6b2750a910624dc5b3ec61f0097a0872 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7559,7 +7867,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:40 GMT + - Tue, 04 Nov 2025 18:02:40 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -7569,7 +7877,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=860,atl-edge;dur=858,atl-edge-internal;dur=13,atl-edge-upstream;dur=845,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="RtrZz_FglFXJZkS5BAOBPwdXJU23BXlvAFFM0NZhZrMA-4c03Vatdg==",cdn-downstream-fbl;dur=864 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=726,atl-edge;dur=703,atl-edge-internal;dur=14,atl-edge-upstream;dur=688,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="tnaIJlYR3CEPOa40bygU6PTgmnQMkfQNisxxl2V6s5tH_crOqMjSnA==",cdn-downstream-fbl;dur=729 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -7579,15 +7887,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 74ae22067fef6f6228fb9f864f22f58a.cloudfront.net (CloudFront) + - 1.1 21d788b44c2b3d335a275c07a54548b6.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - RtrZz_FglFXJZkS5BAOBPwdXJU23BXlvAFFM0NZhZrMA-4c03Vatdg== + - tnaIJlYR3CEPOa40bygU6PTgmnQMkfQNisxxl2V6s5tH_crOqMjSnA== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P3 X-Arequestid: - - c92f0bdd5bb87393e5f7f4bdf2aa9fbb + - a2f8f1918bc73d63154c68803bf11a34 + X-Beta-Ratelimit-Limit: + - '200' + X-Beta-Ratelimit-Remaining: + - '199' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7611,23 +7923,23 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3090 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21269","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21269","key":"NTEST-3090","fields":{"statuscategorychangedate":"2025-07-25T21:04:40.572+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23616","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616","key":"NTEST-3175","fields":{"statuscategorychangedate":"2025-11-04T19:02:39.969+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3090/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3090/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:04:40.315+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i0129b:","updated":"2025-07-25T21:04:40.391+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n*Title*: - [Jira Api Test 2|http://localhost:8080/finding/252]\n\n*Defect Dojo link:* - http://localhost:8080/finding/252 (252)\n\n*Severity:* Medium\n\n\n*Due Date:* - Oct. 
23, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:39.717+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sv:","updated":"2025-11-04T19:02:39.806+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n*Title*: + [Jira Api Test 2|http://localhost:8080/finding/240]\n\n*Defect Dojo link:* + http://localhost:8080/finding/240 (240)\n\n*Severity:* Medium\n\n\n*Due Date:* + Feb. 
2, 2026\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + / [NPM Audit Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` 
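Review bot: The re-recorded response body in this hunk stores a real user's e-mail address and Atlassian account id (`"emailAddress":"cody@defectdojo.com"`, `"accountId":"5d3878b170e3c90c952f91f6"`) in the `creator` and `reporter` objects, and the same account id is recorded in the `X-Aaccountid` response header in the other hunks of this file. This looks like a vcrpy cassette, so I would scrub these at record time with a `before_record_response` hook rather than editing the fixture by hand, replacing them with fixed placeholders such as `"emailAddress":"redacted@example.invalid"` (constructed value). The removed lines held the same kind of data for a different account, so each re-record will swap one person's identifiers for another's until the recorder filters them. The hunk starts and ends inside the long JSON `string:` scalar, so the rest of the body is not visible here.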
@@ -7636,12 +7948,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Jira - Api Test 2","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21269/comment","maxResults":0,"total":0,"startAt":0}}}' + Api Test 2","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 1e437d4a-13ba-4797-8c2c-01cc924355be + - 6ccf0ef9-fd9b-4432-bf8a-2e8f11fba7c9 Atl-Traceid: - - 1e437d4a13ba47978c2c01cc924355be + - 6ccf0ef9fd9b4432bf8a2e8f11fba7c9 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7651,7 +7963,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:42 GMT + - Tue, 04 Nov 2025 18:02:40 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7661,7 +7973,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=419,atl-edge;dur=415,atl-edge-internal;dur=15,atl-edge-upstream;dur=401,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="8S9VyLGINImlpiJ4j3ubGhUv1o-g2BZTO1ciTKeoKIhk-spvxidtsg==",cdn-downstream-fbl;dur=422 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=266,atl-edge;dur=242,atl-edge-internal;dur=18,atl-edge-upstream;dur=224,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="e02RKJIW0cRX3HMIMmt_45NvZh27FVNFbnXcy8k50hy-CEBTgRcZcA==",cdn-downstream-fbl;dur=269 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7671,15 +7983,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 55d9a4fa548a24d777eff07223b71680.cloudfront.net (CloudFront) + - 1.1 88bce767af5e31f726ade38ea5253bd4.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 8S9VyLGINImlpiJ4j3ubGhUv1o-g2BZTO1ciTKeoKIhk-spvxidtsg== + - e02RKJIW0cRX3HMIMmt_45NvZh27FVNFbnXcy8k50hy-CEBTgRcZcA== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN52-P2 X-Arequestid: - - f5a71836d563244e63980c37fb2f6ca9 + - 709529d7d52f54071c194da2384bf701 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7703,23 +8019,23 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21269 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23616 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21269","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21269","key":"NTEST-3090","fields":{"statuscategorychangedate":"2025-07-25T21:04:40.572+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23616","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616","key":"NTEST-3175","fields":{"statuscategorychangedate":"2025-11-04T19:02:39.969+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3090/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3090/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:04:40.315+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i0129b:","updated":"2025-07-25T21:04:40.391+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n*Title*: - [Jira Api Test 2|http://localhost:8080/finding/252]\n\n*Defect Dojo link:* - http://localhost:8080/finding/252 (252)\n\n*Severity:* Medium\n\n\n*Due Date:* - Oct. 
23, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:39.717+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sv:","updated":"2025-11-04T19:02:39.806+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n*Title*: + [Jira Api Test 2|http://localhost:8080/finding/240]\n\n*Defect Dojo link:* + http://localhost:8080/finding/240 (240)\n\n*Severity:* Medium\n\n\n*Due Date:* + Feb. 
2, 2026\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + / [NPM Audit Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` 
@@ -7728,12 +8044,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Jira - Api Test 2","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21269/comment","maxResults":0,"total":0,"startAt":0}}}' + Api Test 2","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - fb8865a9-de6a-4547-a248-930797f23e07 + - 6d8fec0e-0266-4452-b189-fde910fcf29f Atl-Traceid: - - fb8865a9de6a4547a248930797f23e07 + - 6d8fec0e02664452b189fde910fcf29f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7743,7 +8059,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:43 GMT + - Tue, 04 Nov 2025 18:02:40 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7753,7 +8069,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=469,atl-edge;dur=463,atl-edge-internal;dur=14,atl-edge-upstream;dur=449,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="a3rdhYDpzMwSNC6jvjUr4M2CXOtIOOh0QohccCR7cp9FjONsyPwEog==",cdn-downstream-fbl;dur=472 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=296,atl-edge;dur=273,atl-edge-internal;dur=15,atl-edge-upstream;dur=258,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="asmmql3a2Z0pcoxmf8Cmcy0y3dp_rm8faaNSwJktAl0ZSrkNcIt3ew==",cdn-downstream-fbl;dur=300 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7763,15 +8079,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 928b9a46c60991369db0a5ad58525eca.cloudfront.net (CloudFront) + - 1.1 be287e7673276d1e72db92a6f145d6f0.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - a3rdhYDpzMwSNC6jvjUr4M2CXOtIOOh0QohccCR7cp9FjONsyPwEog== + - asmmql3a2Z0pcoxmf8Cmcy0y3dp_rm8faaNSwJktAl0ZSrkNcIt3ew== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P1 X-Arequestid: - - 445f55695c3f1a6427629d1277c30b3e + - 1b1113d26dbfc8e11c2df4be6693a6a0 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
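Review bot: The re-recorded `X-Aaccountid` response header in the second hunk on this line commits a real Atlassian account id (`5d3878b170e3c90c952f91f6`) to the fixture. The same header recurs in the hunks at -7835, -7949 and -8027, and the response bodies in the hunk at -7867 also carry that account's `emailAddress`, `displayName` and Gravatar URLs. None of these values looks necessary for replaying the interaction, so they are better scrubbed at record time than committed with every re-recording. If the cassette is recorded with vcrpy (the layout suggests it, but the recorder configuration is outside this diff), a `before_record_response` hook could drop `X-Aaccountid` and rewrite `accountId`, `emailAddress` and `displayName` in the JSON body to fixed placeholders such as `"emailAddress":"user@example.invalid"`, provided no test asserts on them. This is a generated fixture, so the fix belongs in the recording setup rather than in hand edits to these lines.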
@@ -7795,17 +8115,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:44.560+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:41.075+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 334df33b-9edc-4b6a-9044-404dc9ff5c7e + - 016d8ff3-a43f-4d81-bf8e-f691137c58f5 Atl-Traceid: - - 334df33b9edc4b6a9044404dc9ff5c7e + - 016d8ff3a43f4d81bf8ef691137c58f5 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7815,7 +8135,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:44 GMT + - Tue, 04 Nov 2025 18:02:41 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7825,7 +8145,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=322,atl-edge;dur=320,atl-edge-internal;dur=13,atl-edge-upstream;dur=307,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="debpY1WfxssrkEHM0QHsfwcH89vPuIJJhE7HDcaNpP0oY3kdbF_Y7w==",cdn-downstream-fbl;dur=326 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=192,atl-edge;dur=170,atl-edge-internal;dur=17,atl-edge-upstream;dur=153,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="lTP-q8vlhlkRdbHTgDAY4oyfp4jlIQNqeJ9ibJAq6z0rCuWXZpTYiQ==",cdn-downstream-fbl;dur=196 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7835,15 +8155,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 4ab519b4cd27a1b8a4b258d7f39bbc7e.cloudfront.net (CloudFront) + - 1.1 56a79b3a2ac1e2942686c2337f96fb72.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - debpY1WfxssrkEHM0QHsfwcH89vPuIJJhE7HDcaNpP0oY3kdbF_Y7w== + - lTP-q8vlhlkRdbHTgDAY4oyfp4jlIQNqeJ9ibJAq6z0rCuWXZpTYiQ== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P3 X-Arequestid: - - 475713f08235ad2ff4d6d2ba6bfc5db0 + - 5d06f50f5ef93cbde9fa1e577883230d + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7867,32 +8191,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:30.923+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:36.581+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:30.922+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:36.580+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -7902,8 +8226,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -7914,12 +8238,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - d7727416-2f0f-4158-9dca-a570b84d955c + - 8a0885a3-64ab-454b-b777-8ae81e3e2249 Atl-Traceid: - - d77274162f0f41589dcaa570b84d955c + - 8a0885a364ab454bb7778ae81e3e2249 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7929,7 +8253,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:45 GMT + - Tue, 04 Nov 2025 18:02:41 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7939,7 +8263,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=421,atl-edge;dur=419,atl-edge-internal;dur=16,atl-edge-upstream;dur=403,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="P2fw0vAE_ByCJA06lVzvMWZ2e7Zm3SfuVLW0fRrF_YRmCeQtdXebgA==",cdn-downstream-fbl;dur=425 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=264,atl-edge;dur=240,atl-edge-internal;dur=17,atl-edge-upstream;dur=224,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="Tz9Kl-gyfx0SS0anc4lJCHIJ93_ulSiq_VI82qKtKWxmLRU8m3F81A==",cdn-downstream-fbl;dur=270 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7949,15 +8273,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 35202ecfee8e63e178de36be1b541f0e.cloudfront.net (CloudFront) + - 1.1 d4fb3448d1a8d3229dcf0a89f4bbe7e8.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - P2fw0vAE_ByCJA06lVzvMWZ2e7Zm3SfuVLW0fRrF_YRmCeQtdXebgA== + - Tz9Kl-gyfx0SS0anc4lJCHIJ93_ulSiq_VI82qKtKWxmLRU8m3F81A== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P2 X-Arequestid: - - 6087ab535e090eb6b59f4cfe7e9473e6 + - 644349756098d57ed8a5f63c0c3e9cb0 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -7981,7 +8309,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -7995,9 +8323,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 3da42546-ba13-4dda-866c-d20a84e16d01 + - cb94304c-b90d-475a-9408-02305effd22b Atl-Traceid: - - 3da42546ba134dda866cd20a84e16d01 + - cb94304cb90d475a940802305effd22b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -8007,7 +8335,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:47 GMT + - Tue, 04 Nov 2025 18:02:41 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -8017,7 +8345,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=488,atl-edge;dur=486,atl-edge-internal;dur=18,atl-edge-upstream;dur=467,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="g3VtxXsBVYKSCmncnfkuvom0dsXco6WhYb5fb3ofDgmaFMQmM4U-0w==",cdn-downstream-fbl;dur=491 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=346,atl-edge;dur=323,atl-edge-internal;dur=23,atl-edge-upstream;dur=299,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="UnzuSKU2SzUmQRueawdpvO8eJVqoi7YWFHW1iQD1TkfFj4rl0M_GUQ==",cdn-downstream-fbl;dur=350 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -8027,18 +8355,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 28cc33f6d1fa8bfd0cce12161c7d5e90.cloudfront.net (CloudFront) + - 1.1 2a3bfb7cadc3003297b11ce744cb58fa.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - g3VtxXsBVYKSCmncnfkuvom0dsXco6WhYb5fb3ofDgmaFMQmM4U-0w== + - UnzuSKU2SzUmQRueawdpvO8eJVqoi7YWFHW1iQD1TkfFj4rl0M_GUQ== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P1 X-Arequestid: - - 65aafeda3bb6c77593484ef88e4ef9ad + - 7d2d0cd26a0660da11dba68d43e4bc1c + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -8052,22 +8384,22 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Jira - Api Test 2|http://localhost:8080/finding/252]|Active, Verified|\n\nFindings + Api Test 2|http://localhost:8080/finding/240]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 
0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -8076,9 +8408,9 @@ interactions: Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 2|http://localhost:8080/finding/252]\n*Defect - Dojo link:* http://localhost:8080/finding/252 (252)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 2|http://localhost:8080/finding/240]\n*Defect + Dojo link:* http://localhost:8080/finding/240 (240)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -8088,8 +8420,8 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n *CWE:* + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -8109,21 +8441,21 @@ interactions: Connection: - keep-alive Content-Length: - - '4766' + - '4764' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - 79c255db-c503-4e0e-9b50-98a72ea9f541 + - ce61edb7-6706-4805-9ac1-1c30234c320a Atl-Traceid: - - 79c255dbc5034e0e9b5098a72ea9f541 + - ce61edb7670648059ac11c30234c320a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -8131,7 +8463,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:49 GMT + - Tue, 04 Nov 2025 18:02:42 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -8141,7 +8473,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=733,atl-edge;dur=731,atl-edge-internal;dur=15,atl-edge-upstream;dur=715,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="hjfjevc-vaM4TywsXCu7UyrLHHu2t_9ShByAN4AX0QNqjlsvWJKHDw==",cdn-downstream-fbl;dur=736 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=562,atl-edge;dur=538,atl-edge-internal;dur=17,atl-edge-upstream;dur=520,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="cxl1rRHLiXOEFKy_eyIofdI3UZVoTxL4SWjH6xhTVVV7Kkzxk-aEow==",cdn-downstream-fbl;dur=568 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -8149,15 +8481,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 14d2e33ccccdcd865bebd3f59cd47112.cloudfront.net (CloudFront) + - 1.1 a827400055d7bbab6e387896737d4e50.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - hjfjevc-vaM4TywsXCu7UyrLHHu2t_9ShByAN4AX0QNqjlsvWJKHDw== + - cxl1rRHLiXOEFKy_eyIofdI3UZVoTxL4SWjH6xhTVVV7Kkzxk-aEow== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN52-P1 X-Arequestid: - - 8fa01f3c9597147842ac2981d47587b1 + - f7ad31b3894d785b676afb78dc128180 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -8181,34 +8517,34 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:30.923+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:36.581+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:48.633+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:42.347+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Jira - Api Test 2|http://localhost:8080/finding/252]|Active, Verified|\n\nFindings + Api Test 2|http://localhost:8080/finding/240]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
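Review bot: The re-recorded response body in this hunk commits a real person's `emailAddress`, `accountId`, `displayName` and Gravatar hash under both `creator` and `reporter`, and the `X-Aaccountid` response header in the `@@ -8027,18`, `@@ -8149,15`, `@@ -8276,15` and `@@ -8348,15` hunks repeats the same account id. This looks like a vcrpy cassette, so the data stays in the repository history and is replayed on every test run even though the tests presumably never assert on it. Scrubbing should happen at record time rather than by hand: vcrpy's `filter_headers` only covers request headers, so a `before_record_response` hook is the place to rewrite these body fields and drop `X-Aaccountid`, e.g. storing `"emailAddress":"redacted@example.invalid"` and a constant placeholder account id. The added interaction in the `@@ -8380,7 +8724,103` hunk carries the same fields and runs past the visible part of the diff.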
@@ -8217,9 +8553,9 @@ interactions: 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 2|http://localhost:8080/finding/252]\n*Defect - Dojo link:* http://localhost:8080/finding/252 (252)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 2|http://localhost:8080/finding/240]\n*Defect + Dojo link:* http://localhost:8080/finding/240 (240)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -8229,8 +8565,8 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -8241,12 +8577,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 41f75419-75ea-4e95-9274-d6054ccfcee2 + - fadaa2e1-100d-4bbc-bdf3-5bf631e08237 Atl-Traceid: - - 41f7541975ea4e959274d6054ccfcee2 + - fadaa2e1100d4bbcbdf35bf631e08237 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -8256,7 +8592,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:50 GMT + - Tue, 04 Nov 2025 18:02:42 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -8266,7 +8602,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=393,atl-edge;dur=391,atl-edge-internal;dur=14,atl-edge-upstream;dur=377,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="o6eZVwPv2scLYyoRlTM6K9mZLCyQPV96x58jXdUjdbeIPV3JqDmUCA==",cdn-downstream-fbl;dur=396 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=301,atl-edge;dur=279,atl-edge-internal;dur=20,atl-edge-upstream;dur=253,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="RUbk1CdNKX7HoVgONK_ddfuDd6jvvT9KnT7lZdVli7qKkzR8gqxZCg==",cdn-downstream-fbl;dur=306 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -8276,15 +8612,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3468af8a053b0ff241626aed87444af8.cloudfront.net (CloudFront) + - 1.1 acb55e8d2b8ad7df45561a8bccaaa688.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - o6eZVwPv2scLYyoRlTM6K9mZLCyQPV96x58jXdUjdbeIPV3JqDmUCA== + - RUbk1CdNKX7HoVgONK_ddfuDd6jvvT9KnT7lZdVli7qKkzR8gqxZCg== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P3 X-Arequestid: - - 6e0ecef9f44c0d517568cd6ac2158cf7 + - af1bc4a4037d335a6067d2270f53a0af + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -8308,17 +8648,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:51.489+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:43.167+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - e2085fbb-1341-4f29-bf85-c446fb3fcd02 + - 15ee5d90-3231-41f0-b2c3-892b9bb8b695 Atl-Traceid: - - e2085fbb13414f29bf85c446fb3fcd02 + - 15ee5d90323141f0b2c3892b9bb8b695 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -8328,7 +8668,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:51 GMT + - Tue, 04 Nov 2025 18:02:43 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -8338,7 +8678,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=325,atl-edge;dur=322,atl-edge-internal;dur=14,atl-edge-upstream;dur=309,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="gIr-iFP9i0541dGmMb_zIdQDC-Uw48LIoTvzsxURrG-4K3LgxT430Q==",cdn-downstream-fbl;dur=329 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=195,atl-edge;dur=171,atl-edge-internal;dur=17,atl-edge-upstream;dur=154,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="nExqnuGvnhpuFvjIy1W6iJ9uj_BtDk-SYXS4-1rwhyo3o8yRTibDDw==",cdn-downstream-fbl;dur=198 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -8348,15 +8688,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 505047c0efc37a1900f1288c6f749f90.cloudfront.net (CloudFront) + - 1.1 6d3c3e0af3263a7b3c6878f2fa9bbff6.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - gIr-iFP9i0541dGmMb_zIdQDC-Uw48LIoTvzsxURrG-4K3LgxT430Q== + - nExqnuGvnhpuFvjIy1W6iJ9uj_BtDk-SYXS4-1rwhyo3o8yRTibDDw== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P1 X-Arequestid: - - b2186f1b9bb669695fe7afc1b3c96f73 + - 7f1d87d441b373a938bc920152a2ec43 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -8380,7 +8724,103 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23616 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23616","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616","key":"NTEST-3175","fields":{"statuscategorychangedate":"2025-11-04T19:02:39.969+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:39.717+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sv:","updated":"2025-11-04T19:02:39.806+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n*Title*: + [Jira Api Test 2|http://localhost:8080/finding/240]\n\n*Defect Dojo link:* + http://localhost:8080/finding/240 (240)\n\n*Severity:* Medium\n\n\n*Due Date:* + Feb. 
2, 2026\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Jira + Api Test 2","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616/comment","maxResults":0,"total":0,"startAt":0}}}' + headers: + Atl-Request-Id: + - 4805d705-c762-4bef-9534-74f236add184 + Atl-Traceid: + - 4805d705c7624bef953474f236add184 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - 
Tue, 04 Nov 2025 18:02:43 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=289,atl-edge;dur=265,atl-edge-internal;dur=18,atl-edge-upstream;dur=247,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="Zi4DV03f3prUN_qAqPJO9_YD7e3Fvw04xjDtLQBDnybyYknn8nf3aA==",cdn-downstream-fbl;dur=292 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 81677ea21ca4917e071a8c310dd9130c.cloudfront.net (CloudFront) + X-Aaccountid: + - 5d3878b170e3c90c952f91f6 + X-Amz-Cf-Id: + - Zi4DV03f3prUN_qAqPJO9_YD7e3Fvw04xjDtLQBDnybyYknn8nf3aA== + X-Amz-Cf-Pop: + - DEN53-P3 + X-Arequestid: + - 1a2e9b1564b19619e2747681e843e1a1 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
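Review bot: The response body added in this hunk for `GET /rest/api/2/issue/23616` records a real person's `emailAddress`, `displayName`, `accountId` and Gravatar avatar URLs under `creator` and `reporter`, and the `X-Aaccountid` response header repeats the account id. The same body is recorded again in the `@@ -8426,18 +8866,367 @@` hunk, and the header also appears in the `@@ -8348,15 +8688,19 @@` hunk. Committed cassettes are readable by anyone with repository access, so these fields are worth scrubbing at record time, for example in a vcrpy `before_record_response` hook, since `filter_headers` only covers request headers. The recorded values would then read `"emailAddress":"redacted@example.invalid"` and `X-Aaccountid: - REDACTED` (placeholder values). The recording configuration is not part of this diff, so it may already scrub other fields, and replay should be unaffected unless a test asserts on these values.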
@@ -8394,9 +8834,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - c7f7eef2-a4a8-4401-9b32-a3fb7852c212 + - c9481dbb-3484-4690-bf94-d3f810005d81 Atl-Traceid: - - c7f7eef2a4a844019b32a3fb7852c212 + - c9481dbb34844690bf94d3f810005d81 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -8406,7 +8846,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:53 GMT + - Tue, 04 Nov 2025 18:02:43 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -8416,7 +8856,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=498,atl-edge;dur=491,atl-edge-internal;dur=15,atl-edge-upstream;dur=476,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="c3jrIl76pD3jkJ10SQGq4HzUs6BJg8nRLkJBjdFKSpvAQR-aEh-DOg==",cdn-downstream-fbl;dur=501 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=327,atl-edge;dur=305,atl-edge-internal;dur=20,atl-edge-upstream;dur=285,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="DDNJSELk2umNkLUpRl83Ri-Wqk7IZ_UfCdDwOHouvM4q9vJl-nhcFQ==",cdn-downstream-fbl;dur=331 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -8426,18 +8866,367 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront) + - 1.1 a42ce842e0f60814700ead82353e9f08.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - c3jrIl76pD3jkJ10SQGq4HzUs6BJg8nRLkJBjdFKSpvAQR-aEh-DOg== + - DDNJSELk2umNkLUpRl83Ri-Wqk7IZ_UfCdDwOHouvM4q9vJl-nhcFQ== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P2 X-Arequestid: - - 1b38381ffa2da6a261d14fa8a5862dcd + - 17931357cbd8d5561f50d4a6c5d51d92 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Jira Api Test 2", "description": "\n\n\n\n\n\n\n*Title*: [Jira Api + Test 2|http://localhost:8080/finding/240]\n\n*Defect Dojo link:* http://localhost:8080/finding/240 + (240)\n\n*Severity:* Medium\n\n\n*Due Date:* Feb. 
2, 2026\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* + [(admin) ()|mailto:]\n"}, "update": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '1426' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.5 + method: PUT + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23616 + response: + body: + string: '' + headers: + Atl-Request-Id: + - 42bbf820-b6e4-44be-82b7-c8fc9f825dc6 + Atl-Traceid: + - 42bbf820b6e444be82b7c8fc9f825dc6 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Tue, 04 Nov 2025 18:02:44 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": 
"https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=446,atl-edge;dur=354,atl-edge-internal;dur=20,atl-edge-upstream;dur=331,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="1zwYeyeyM5h3EcErX6VDA1L8AtPCV6shNb2x90yUvQ3qj5NIVdvUEg==",cdn-downstream-fbl;dur=449 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + Via: + - 1.1 979fd411be7856884369a8fd4e9bff60.cloudfront.net (CloudFront) + X-Aaccountid: + - 5d3878b170e3c90c952f91f6 + X-Amz-Cf-Id: + - 1zwYeyeyM5h3EcErX6VDA1L8AtPCV6shNb2x90yUvQ3qj5NIVdvUEg== + X-Amz-Cf-Pop: + - DEN53-P1 + X-Arequestid: + - 250615aeabcfbe557737065a62c1a215 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.5 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23616 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23616","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616","key":"NTEST-3175","fields":{"statuscategorychangedate":"2025-11-04T19:02:39.969+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%
2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:39.717+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sv:","updated":"2025-11-04T19:02:39.806+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n*Title*: + [Jira Api Test 2|http://localhost:8080/finding/240]\n\n*Defect Dojo link:* + http://localhost:8080/finding/240 (240)\n\n*Severity:* Medium\n\n\n*Due Date:* + Feb. 
2, 2026\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Jira + Api Test 2","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616/comment","maxResults":0,"total":0,"startAt":0}}}' + headers: + Atl-Request-Id: + - ba8d4084-be1d-41a8-b845-11eeaae5fbf8 + Atl-Traceid: + - ba8d4084be1d41a8b84511eeaae5fbf8 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - 
Tue, 04 Nov 2025 18:02:44 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=285,atl-edge;dur=261,atl-edge-internal;dur=20,atl-edge-upstream;dur=241,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="p0w-2Wu461GEaaUAAuGKKMTPDFg3gy68nanm9VTBubulSlIWx76EjA==",cdn-downstream-fbl;dur=289 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 96b078df4a5d96ad3cc52cfe9d984774.cloudfront.net (CloudFront) + X-Aaccountid: + - 5d3878b170e3c90c952f91f6 + X-Amz-Cf-Id: + - p0w-2Wu461GEaaUAAuGKKMTPDFg3gy68nanm9VTBubulSlIWx76EjA== + X-Amz-Cf-Pop: + - DEN52-P1 + X-Arequestid: + - 303423a52da482af79f56c2902e4ae4d + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.5 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: 
'{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:45.170+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 578f99f1-7db0-4a70-900a-d2fe9ab5dc21 + Atl-Traceid: + - 578f99f17db04a70900ad2fe9ab5dc21 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Tue, 04 Nov 2025 18:02:45 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=209,atl-edge;dur=186,atl-edge-internal;dur=19,atl-edge-upstream;dur=167,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="tHbo3eG0ebfklHCicGGPg8lN1TzwCNFvJ8-oxnY5mfHt19cZzJDaog==",cdn-downstream-fbl;dur=214 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 2bdc0b4100727fdf0a312e81266d0496.cloudfront.net (CloudFront) + X-Aaccountid: + - 5d3878b170e3c90c952f91f6 + X-Amz-Cf-Id: + - tHbo3eG0ebfklHCicGGPg8lN1TzwCNFvJ8-oxnY5mfHt19cZzJDaog== + X-Amz-Cf-Pop: + - DEN53-P3 + 
X-Arequestid: + - a29488c93f08409502186ecb3eacf80e + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.5 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: '{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + 
Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest_new.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low_new.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - ff32b5a4-2422-46ac-8447-e342cc6e2062 + Atl-Traceid: + - ff32b5a4242246ac8447e342cc6e2062 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Tue, 04 Nov 2025 18:02:45 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=420,atl-edge;dur=330,atl-edge-internal;dur=16,atl-edge-upstream;dur=315,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="74gmyUqMquXx1vgaHYr1TdpQ-I-b8beTkc_fRt92BNZoTz4GtA5mlw==",cdn-downstream-fbl;dur=424 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 81677ea21ca4917e071a8c310dd9130c.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 5d3878b170e3c90c952f91f6 + X-Amz-Cf-Id: + - 74gmyUqMquXx1vgaHYr1TdpQ-I-b8beTkc_fRt92BNZoTz4GtA5mlw== + X-Amz-Cf-Pop: + - DEN53-P3 + X-Arequestid: + - 1da609fd3ace7576038c6d755d42a2ef + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -8451,30 +9240,31 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: pg:5.1.0|http://localhost:8080/finding_group/2] in [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. - Summary\n*Severity:* High *Due Date:* Aug. 24, 2025 \n\nFindings matching the - Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/38] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 
4, 2025 \n\nFindings matching the Active, Verified and + Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title + || Status ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/248]|Active, + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]|Active, Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/250]|Active, + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/238]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|pg|0.5.3|[Jira - Api Test 3|http://localhost:8080/finding/253]|Active, Verified|\n\nFindings + Api Test 3|http://localhost:8080/finding/241]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/248]\n*Defect - Dojo link:* http://localhost:8080/finding/248 (248)\n*Severity:* High\n *Due - Date:* Aug. 
24, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]\n*Defect + Dojo link:* http://localhost:8080/finding/236 (236)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when @@ -8504,8 +9294,8 @@ interactions: (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/250]\n*Defect Dojo link:* http://localhost:8080/finding/250 - (250)\n*Severity:* Medium\n *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + 7.1.0 < 7.1.2)|http://localhost:8080/finding/238]\n*Defect Dojo link:* http://localhost:8080/finding/238 + (238)\n*Severity:* Medium\n *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when 
@@ -8531,9 +9321,9 @@ interactions: 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/253]\n*Defect - Dojo link:* http://localhost:8080/finding/253 (253)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/241]\n*Defect + Dojo link:* http://localhost:8080/finding/241 (241)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -8553,21 +9343,21 @@ interactions: Connection: - keep-alive Content-Length: - - '8237' + - '8234' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"21270","key":"NTEST-3091","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21270"}' + string: '{"id":"23617","key":"NTEST-3176","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23617"}' headers: Atl-Request-Id: - - 4deb6aba-750f-411c-b4c8-ab3a57b7f7ab + - f0decc8b-9d30-43ca-8962-15389f495261 Atl-Traceid: - - 4deb6aba750f411cb4c8ab3a57b7f7ab + - f0decc8b9d3043ca896215389f495261 Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -8575,7 +9365,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:54 GMT + - Tue, 04 Nov 2025 18:02:46 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -8585,7 +9375,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=899,atl-edge;dur=897,atl-edge-internal;dur=15,atl-edge-upstream;dur=882,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="inYiqz7IWVRDefMFh9jiWnxh0KKvGDlWknPxOmQ21KoFtifLpXvNrA==",cdn-downstream-fbl;dur=903 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=818,atl-edge;dur=794,atl-edge-internal;dur=16,atl-edge-upstream;dur=777,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="bPrIcS5nR418--vXoG2RPlt8NsKTXTznFVHgCGJ6L5-zUjo7mCxgpw==",cdn-downstream-fbl;dur=823 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -8595,15 +9385,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5e473a5e64c6a2f7bc916721cc188252.cloudfront.net (CloudFront) + - 1.1 bd570b43eaed44365882fda303fb189c.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - inYiqz7IWVRDefMFh9jiWnxh0KKvGDlWknPxOmQ21KoFtifLpXvNrA== + - bPrIcS5nR418--vXoG2RPlt8NsKTXTznFVHgCGJ6L5-zUjo7mCxgpw== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P1 X-Arequestid: - - 0e7268f8ea6f5c09cf9357e84e5ab505 + - 295b36c1b9b4044f25dda9a9ae8b4a0e + X-Beta-Ratelimit-Limit: + - '200' + X-Beta-Ratelimit-Remaining: + - '199' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -8627,43 +9421,43 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3091 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3176 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21270","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21270","key":"NTEST-3091","fields":{"statuscategorychangedate":"2025-07-25T21:04:54.773+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23617","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23617","key":"NTEST-3176","fields":{"statuscategorychangedate":"2025-11-04T19:02:46.464+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3091/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3091/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:04:54.523+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i0129j:","updated":"2025-07-25T21:04:54.626+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3176/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3176/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:46.206+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013t3:","updated":"2025-11-04T19:02:46.305+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/2] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/38] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/248]|Active, + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]|Active, Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/250]|Active, + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/238]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|pg|0.5.3|[Jira - Api Test 3|http://localhost:8080/finding/253]|Active, Verified|\n\nFindings + Api Test 3|http://localhost:8080/finding/241]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || 
CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/248]\n*Defect - Dojo link:* http://localhost:8080/finding/248 (248)\n*Severity:* High\n *Due - Date:* Aug. 24, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]\n*Defect + Dojo link:* http://localhost:8080/finding/236 (236)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs @@ -8693,9 +9487,9 @@ interactions: - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < - 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/250]\n*Defect - Dojo link:* http://localhost:8080/finding/250 (250)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/238]\n*Defect + Dojo link:* http://localhost:8080/finding/238 (238)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs 
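Review bot: The re-recorded response body in this hunk commits a real account's `emailAddress`, `accountId` and Gravatar hash under `creator` and `reporter`. The `X-Aaccountid` response header in the header hunks before and after it carries the same account ID. The previous recording had the same kind of data for a different user, so each re-record puts another person's identifiers into the repository history. If the tests do not assert on these values (not visible from this hunk), scrub them at record time. Assuming the cassette is written by vcrpy, a `before_record_response` hook could replace the e-mail, account ID and avatar URLs with fixed placeholders such as `user@example.invalid` and drop `X-Aaccountid` before the cassette is written.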
@@ -8721,9 +9515,9 @@ interactions: to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/253]\n*Defect - Dojo link:* http://localhost:8080/finding/253 (253)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/241]\n*Defect + Dojo link:* http://localhost:8080/finding/241 (241)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -8733,12 +9527,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: pg:5.1.0","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21270/comment","maxResults":0,"total":0,"startAt":0}}}' + in: pg:5.1.0","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23617/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - fd2b32a2-9948-41cd-88bf-6cbd1df98189 + - ae16c5fa-4eb5-45c7-9768-a228c2608bc2 Atl-Traceid: - - fd2b32a2994841cd88bf6cbd1df98189 + - ae16c5fa4eb545c79768a228c2608bc2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -8748,7 +9542,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:56 GMT + - Tue, 04 Nov 2025 18:02:47 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -8758,7 +9552,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=408,atl-edge;dur=406,atl-edge-internal;dur=14,atl-edge-upstream;dur=392,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="4XEfX4dJ5YBwAI6f_SnCh62tKrKvq7y21EwpkduMm4pqSHftmVvGiA==",cdn-downstream-fbl;dur=412 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=289,atl-edge;dur=265,atl-edge-internal;dur=35,atl-edge-upstream;dur=226,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="9_rx9QRyZITZN524ptMviKyTCUzgQbP0Qurx0P9_PJG6MqQp5OUIew==",cdn-downstream-fbl;dur=293 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -8768,15 +9562,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0462a83c1b4a9fa5a2554db6feb3a19c.cloudfront.net (CloudFront) + - 1.1 4c98f000f0c28d2e527e3c684f54be1e.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 4XEfX4dJ5YBwAI6f_SnCh62tKrKvq7y21EwpkduMm4pqSHftmVvGiA== + - 9_rx9QRyZITZN524ptMviKyTCUzgQbP0Qurx0P9_PJG6MqQp5OUIew== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P1 X-Arequestid: - - 3a9d3e56327d95940564f0fcc0b23d6b + - 36f82e86b37e2bb4c9eb2e77bb770132 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -8800,43 +9598,43 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21270 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23617 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21270","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21270","key":"NTEST-3091","fields":{"statuscategorychangedate":"2025-07-25T21:04:54.773+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23617","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23617","key":"NTEST-3176","fields":{"statuscategorychangedate":"2025-11-04T19:02:46.464+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3091/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3091/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:04:54.523+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i0129j:","updated":"2025-07-25T21:04:54.626+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3176/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3176/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:46.206+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013t3:","updated":"2025-11-04T19:02:46.305+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/2] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/38] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/248]|Active, + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]|Active, Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/250]|Active, + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/238]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|pg|0.5.3|[Jira - Api Test 3|http://localhost:8080/finding/253]|Active, Verified|\n\nFindings + Api Test 3|http://localhost:8080/finding/241]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || 
CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/248]\n*Defect - Dojo link:* http://localhost:8080/finding/248 (248)\n*Severity:* High\n *Due - Date:* Aug. 24, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]\n*Defect + Dojo link:* http://localhost:8080/finding/236 (236)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs @@ -8866,9 +9664,9 @@ interactions: - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < - 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/250]\n*Defect - Dojo link:* http://localhost:8080/finding/250 (250)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/238]\n*Defect + Dojo link:* http://localhost:8080/finding/238 (238)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs 
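Review bot: The re-recorded response body in hunk -8800,43 commits a real user's `emailAddress`, `accountId`, display name and Gravatar hash into the cassette, under both `creator` and `reporter`. The header hunks at -8768,15 and -8941,15 record the same account id as `X-Aaccountid`. The test presumably does not assert on these values, so they could be replaced with placeholders at record time, for example in a vcrpy `before_record_response` hook that rewrites the `creator`/`reporter` objects and drops the `X-Aaccountid` response header. The recorder configuration is not visible in this diff, so where that hook belongs needs confirming. The recorded interaction itself starts and ends outside this hunk.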
@@ -8894,9 +9692,9 @@ interactions: to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/253]\n*Defect - Dojo link:* http://localhost:8080/finding/253 (253)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/241]\n*Defect + Dojo link:* http://localhost:8080/finding/241 (241)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -8906,12 +9704,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: pg:5.1.0","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21270/comment","maxResults":0,"total":0,"startAt":0}}}' + in: pg:5.1.0","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23617/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 1cb429ad-102a-4cbe-bdd8-bd79665f5db7 + - 4ea7d719-18a3-40c3-b698-4abff25d6fb3 Atl-Traceid: - - 1cb429ad102a4cbebdd8bd79665f5db7 + - 4ea7d71918a340c3b6984abff25d6fb3 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -8921,7 +9719,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:57 GMT + - Tue, 04 Nov 2025 18:02:47 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -8931,7 +9729,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=440,atl-edge;dur=439,atl-edge-internal;dur=14,atl-edge-upstream;dur=424,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="mlCHpIoisIq-pHtHMNUGGlGlxjoX5_JVoaW_yC84De6Y7z71xz5uWw==",cdn-downstream-fbl;dur=444 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=275,atl-edge;dur=251,atl-edge-internal;dur=20,atl-edge-upstream;dur=231,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="1OLwfyJy1uXCc91W2rGv1pQEnhKb-7nX5SWZFbgm25TbkrgQfBXTOA==",cdn-downstream-fbl;dur=280 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -8941,15 +9739,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 eeaafdd5e22d1448912c6cf3e1e5bd58.cloudfront.net (CloudFront) + - 1.1 99c24ff7a4f9141fb603a870f066e056.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - mlCHpIoisIq-pHtHMNUGGlGlxjoX5_JVoaW_yC84De6Y7z71xz5uWw== + - 1OLwfyJy1uXCc91W2rGv1pQEnhKb-7nX5SWZFbgm25TbkrgQfBXTOA== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P3 X-Arequestid: - - ee7285228e40f42310c9e8eccc76538d + - dab854a944dc31573ad115bb07e6660f + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: