
Add GLSA gentoo vulnid #9813

Open: wants to merge 6 commits into base: dev
Conversation

manuel-sommer (Contributor) commented Mar 22, 2024

Add GLSA gentoo vulnid and logic to resolve it.


Hi there 👋, @DryRunSecurity here. Below is a summary of our analysis and findings.

DryRun Security Status, findings per analyzer:
  Sensitive Functions Analyzer: 0 findings
  Configured Sensitive Files Analyzer: 0 findings
  Sensitive Files Analyzer: 1 finding

Note: 🟢 Risk threshold not exceeded.


@manuel-sommer manuel-sommer deleted the remove_psycopg2 branch March 27, 2024 08:22
@manuel-sommer manuel-sommer restored the remove_psycopg2 branch November 16, 2024 17:52
@manuel-sommer manuel-sommer reopened this Nov 16, 2024

dryrunsecurity bot commented Nov 16, 2024

DryRun Security Summary

The pull request focuses on improving the handling of vulnerability IDs and their corresponding URLs within the DefectDojo application, including the introduction of support for a new vulnerability ID prefix "GLSA" and enhancements to the URL generation process to handle different vulnerability ID formats and support more complex URL structures.


Summary:

The code changes in this pull request focus on improving the handling of vulnerability IDs and their corresponding URLs within the DefectDojo application. The key changes include:

  1. Introducing support for a new vulnerability ID prefix "GLSA" (Gentoo Linux Security Advisory), which allows the application to generate URLs for these types of vulnerabilities.
  2. Updating the URL generation logic to handle different vulnerability ID formats (e.g., "AVD", "KHV", "C-") by converting them to lowercase before generating the URL.
  3. Enhancing the URL generation process to support vulnerability IDs with "&&" in the VULNERABILITY_URLS setting, allowing for more complex URL structures.
  4. Adding a new vulnerability URL mapping for the "GLSA" vulnerability identifier in the application settings.

From an application security perspective, these changes do not introduce any obvious security concerns, as they primarily focus on improving the flexibility and usability of the vulnerability management functionality within DefectDojo. As long as the VULNERABILITY_URLS settings are properly configured and validated, these changes should not introduce any security vulnerabilities.

Files Changed:

  1. dojo/templatetags/display_tags.py: This file contains the vulnerability_url function, which has been updated to handle the new "GLSA" vulnerability ID prefix and improve the handling of other ID formats.
  2. dojo/settings/settings.dist.py: This file has been updated to include a new vulnerability URL mapping for the "GLSA" vulnerability identifier, allowing DefectDojo to generate links to the corresponding Gentoo security advisory pages.
  3. dojo/settings/.settings.dist.py.sha256sum: This file contains a checksum for verifying the integrity of the dojo/settings/.settings.dist.py file. The checksum has been updated to reflect the changes made in the settings.dist.py file.

Code Analysis

We ran 9 analyzers against 3 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer findings:
  Configured Codepaths Analyzer: 2 findings

Riskiness: 🔴 Risk threshold exceeded.

We've notified @mtesauro, @grendel513.

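The prefix-to-URL resolution the summary describes, written out as an added Python illustration (not DefectDojo's own vulnerability_url code): a case-insensitive prefix match, lowercasing for the AVD/KHV/C- prefixes, and a template that may contain "&&" to mark where the ID is inserted. The mapping entries other than CVE are assumed or constructed, and the ID is percent-encoded before insertion, which is the kind of validation the summary's caveat about properly configured VULNERABILITY_URLS points at.

```python
from urllib.parse import quote

# Constructed sample of a prefix -> URL-template mapping. The real
# VULNERABILITY_URLS entries, including the GLSA one this PR adds, live in
# dojo/settings/settings.dist.py and are not reproduced here. A template
# containing "&&" is split there and the ID is inserted at that position;
# a template without "&&" is a plain prefix the ID is appended to.
VULNERABILITY_URLS = {
    "CVE-": "https://nvd.nist.gov/vuln/detail/",
    "GLSA": "https://security.gentoo.org/glsa/",        # assumed for illustration
    "AVD": "https://avd.aquasec.com/misconfig/",        # assumed for illustration
    "EXAMPLE-": "https://advisories.example/&&.html",   # constructed "&&" template
}

# Prefixes whose upstream sites key advisories by the lowercase identifier.
LOWERCASE_PREFIXES = {"AVD", "KHV", "C-"}


def vulnerability_url(vulnerability_id) -> str:
    """Resolve a vulnerability ID to an advisory URL, or "" if no prefix matches.

    Matching is case-insensitive on the prefix. The ID is percent-encoded
    (no characters left as safe) before it is placed in the template, so an ID
    taken from an imported scanner report cannot add path segments or query
    parameters to the configured URL.
    """
    vuln_id = str(vulnerability_id).strip()
    for prefix, template in VULNERABILITY_URLS.items():
        if not vuln_id.upper().startswith(prefix):
            continue
        if prefix in LOWERCASE_PREFIXES:
            vuln_id = vuln_id.lower()
        safe_id = quote(vuln_id, safe="")
        if "&&" in template:
            head, tail = template.split("&&", 1)
            return head + safe_id + tail
        return template + safe_id
    return ""
```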

@manuel-sommer manuel-sommer marked this pull request as draft November 16, 2024 17:54
@github-actions github-actions bot added the "settings_changes" label (Needs changes to settings.py based on changes in settings.dist.py included in this PR) Nov 16, 2024
@manuel-sommer manuel-sommer changed the title Remove psycopg2-binary Add GLSA gentoo vulnid Nov 16, 2024
@github-actions github-actions bot added the ui label Nov 16, 2024
@manuel-sommer manuel-sommer marked this pull request as ready for review November 16, 2024 20:50
Contributor

This pull request has conflicts; please resolve those before we can evaluate the pull request.

Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

mtesauro (Contributor) left a comment


Approved
