Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Copier crashes if mitigation history is messy #23

Open
relaxnow opened this issue Jan 16, 2024 · 0 comments · May be fixed by #25
Open

Copier crashes if mitigation history is messy #23

relaxnow opened this issue Jan 16, 2024 · 0 comments · May be fixed by #25

Comments

@relaxnow
Copy link

relaxnow commented Jan 16, 2024
edited
Loading

Below are real world sequences of actions that exist in an application I'm working with that would cause the /annotations API to throw a 401 or 403 (in order of oldest to newest).

I suggest:

  1. Ignore Custom Cleanser actions;
  2. Ignore 401 and 403 responses on the /annotations api and let the Mitigation Copier log failure but keep processing actions.

Observed messy mitigation histories:

Approved before proposed

  1. APPROVED <- Illegal, no mitigation proposal yet
  2. APPDESIGN
  3. APPROVED

Custom cleanser

  1. CUSTOMCLEANSERPROPOSED <- Illegal, not supported through API
  2. CUSTOMCLEANSERUSERCOMMENT
  3. APPROVED

Multiple approvals

  1. CUSTOMCLEANSERPROPOSED
  2. CUSTOMCLEANSERUSERCOMMENT
  3. APPROVED
  4. CUSTOMCLEANSERUSERCOMMENT <- Illegal, already approved
  5. CUSTOMCLEANSERPROPOSED
  6. CUSTOMCLEANSERUSERCOMMENT
  7. CUSTOMCLEANSERUSERCOMMENT
  8. APPROVED
  9. CUSTOMCLEANSERUSERCOMMENT
  10. CUSTOMCLEANSERUSERCOMMENT

Proposal after approval

  1. APPDESIGN
  2. APPROVED
  3. APPDESIGN
  4. COMMENT
  5. APPROVED
  6. APPDESIGN
  7. COMMENT
  8. APPROVED
  9. APPROVED
  10. APPDESIGN
  11. APPROVED
  12. APPDESIGN
  13. APPROVED
  14. APPDESIGN
  15. COMMENT
  16. APPROVED
  17. ...
relaxnow pushed a commit to relaxnow/veracode-mitigation-copier that referenced this issue Jan 16, 2024
Don't crash on custom cleanser or messy histories. Fixes tjarrettvera…
77273ca 
…code#23
@relaxnow relaxnow linked a pull request Jan 16, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Don't crash on custom cleanser or messy histories. relaxnow/veracode-mitigation-copier
1 participant
@relaxnow