auditlog: switch to pghistory (for real) #13587
Converted back to draft as we need to align the merge/release with Pro.

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Conflicts have been resolved. A maintainer will review the pull request shortly.
205d9e0 to a097be5
🔴 Risk threshold exceeded. This pull request modifies several sensitive code paths (dojo/filters.py, dojo/middleware.py, and two DB migration scripts dojo/db_migrations/0249_* and 0250_*), which the scanner flagged as sensitive edits that may require configuration of allowed authors or paths in .dryrunsecurity.yaml. None of the findings are marked blocking, but they are flagged at a failing risk threshold and should be reviewed carefully.
🔴 Configured Codepaths Edit in
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
🔴 Configured Codepaths Edit in dojo/middleware.py
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
🔴 Configured Codepaths Edit in dojo/middleware.py
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
🔴 Configured Codepaths Edit in dojo/db_migrations/0249_findingreviewers_findingreviewersevent_and_more.py
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
🔴 Configured Codepaths Edit in dojo/db_migrations/0250_pghistory_backfill.py
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
🔴 Configured Codepaths Edit in dojo/filters.py
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
We've notified @mtesauro.
All finding details can be found in the DryRun Security Dashboard.
* auditlog: switch to pghistory
* ruff
* pghistory: add finding.reviewers to tracked models
* fix finding reviewers model registration
* remove more references
* add migration
* rebase migrations
* rebase migrations
* rebase
* ruff
* rebase
* cleanup
* remove obsolete test
* ruff
* move auditlog in settings.dist.py

---------

Co-authored-by: Valentijn Scholten <valentijn.scholten@iodigital.com>
In #13169 we introduced `django-pghistory` as an alternative auditlog solution. The goal has always been to move to `django-pghistory`, which is what this PR does now that we have had some time to test it.

This PR:

`DD_AUDITLOG_TYPE` `django-auditlog` `django-auditlog`

I tried removing the `django-auditlog` as a dependency, but this has some complications. We may have to postpone this a bit to not have everything in one release.