DRF Spectacular: Enable sidecar by default #9645

Merged
mtesauro merged 1 commit into DefectDojo:dev from Maffooch:api
Mar 4, 2024
Conversation

@Maffooch
Contributor

Most of the endpoints in the drf-spectacular docs do not have any meaningful examples or response bodies present. This makes the API much more difficult to use. fixes #9629

[sc-4511]

@github-actions github-actions Bot added settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR and removed apiv2 labels Feb 28, 2024
@dryrunsecurity

Contextual Security Analysis

As DryRun Security performs checks, we’ll summarize them here. You can always dive into the detailed results in the section below for checks.

Status DryRun Security Check
Sensitive Functions Analyzer
Configured Sensitive Files Analyzer
Sensitive Files Analyzer

@mtesauro
Contributor

@Maffooch Based on the comment in #9629, is setting DD_DEFAULT_SWAGGER_UI to false the solution we're going with, or should this be updated?

@Maffooch
Contributor Author

Maffooch commented Mar 1, 2024

@mtesauro there have been some developments in this area. The swagger UI project has implemented a fix, and is targeting a release on Monday, so this issue should resolve itself upstream without any action from us.

However, I think it may be wise to start pinning the swagger UI version via the sidecar app. They release monthly, so we could have a higher chance of catching things like this before we do our releases.

Here is a link to a similar response in the issue: #9629 (comment)

@mtesauro
Contributor

mtesauro commented Mar 2, 2024

@Maffooch Yeah, I agree that pinning makes sense to allow us to handle situations like this more gracefully.

Contributor

@mtesauro mtesauro left a comment

Approved

@mtesauro mtesauro merged commit 5b93c47 into DefectDojo:dev Mar 4, 2024
@Maffooch Maffooch deleted the api branch May 8, 2024 17:41

Labels

bugfix settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR
