Deprecate Python-jose and migrate okta to python_social_auth #10117
base: dev
Conversation
Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.
Note 🔴 Risk threshold exceeded. Adding a reviewer if one is configured in notification list: @mtesauro @grendel513
Change Summary: The following is a summary of changes in this pull request made by me, your security buddy 🤖.
Summary: The changes in this pull request focus on updating the authentication backends used in the DefectDojo application and modifying the Python dependencies required for the application. The key changes to the authentication backends include replacing the custom
The changes to the
Files Changed:
Overall, the changes in this pull request appear to be positive security improvements for the DefectDojo application, focusing on enhancing the authentication process and updating the application's dependencies to address potential vulnerabilities and improve the overall security posture.
Powered by DryRun Security
I just saw that python-jose is used in django-DefectDojo/dojo/okta.py (line 8 in f66e6db).
We also have PyJWT in requirements.txt. How about migrating okta.py to PyJWT?
We could probably get rid of our version of the okta backend and instead use https://github.com/python-social-auth/social-core/blob/master/social_core/backends/okta.py. At the time, the PR to add the okta backend to https://github.com/python-social-auth/social-core was not getting in quickly enough for DefectDojo, so we copied the code and pasted it in here.
Done @Maffooch. Could you give me feedback here?
Python-jose can be deprecated if we switch to python_social_auth