django-DefectDojo
SLA Breach Notification for Disabled Severity Level
Bug description

I think I stumbled over a bug and found the fix for me; I posted it in Slack without response before I opened this. When you disable SLA for a severity level, all findings in this category get alerted as SLA breach. Looking at the database content, the sla_expiry_date is set to NULL (MySQL). util.py will check the value of sla_age and, if None (which is the case), set it to 0. A few lines later, when age == 0, you alert an SLA breach. Continuing instead of setting the sla_age = 0 fixed the issue for me.
Steps to reproduce

Steps to reproduce the behavior:
- Go to Configuration / SLA Configuration
- Disable "Enforce Low Finding SLA Days"
- Enable Notifications for SLA Breaches
- Run python manage.py sla_notifications
Expected behavior

No notifications for findings without an SLA (in this case low severity); instead, all findings without SLA are marked as SLA breach.

Deployment method (select with an X)
- [X] Docker Compose (Migrated DB to MySQL 8)
- [ ] Kubernetes
- [ ] GoDojo
Environment information
- DefectDojo version v. 2.36.5 ( release mode )
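
The logic described in this report can be reproduced with a simplified model, added here as an illustration; it is not DefectDojo's `util.py`. `Finding`, `notified_breaches` and `skip_without_sla` are hypothetical names, the sample findings are constructed, and treating a negative `sla_age` as a breach is an assumption of the model.

```python
# Simplified model of the behaviour reported above; NOT DefectDojo's util.py.
# Finding, notified_breaches and skip_without_sla are hypothetical names.
from dataclasses import dataclass
from datetime import date
from typing import List, Optional


@dataclass
class Finding:
    title: str
    severity: str
    sla_expiry_date: Optional[date]  # NULL in the DB when SLA is disabled

    def sla_age(self, today: date) -> Optional[int]:
        """Days left until SLA expiry, or None when no SLA applies."""
        if self.sla_expiry_date is None:
            return None
        return (self.sla_expiry_date - today).days


def notified_breaches(findings: List[Finding], today: date,
                      skip_without_sla: bool) -> List[str]:
    """Return the titles that would be reported as SLA breaches."""
    breached = []
    for f in findings:
        sla_age = f.sla_age(today)
        if sla_age is None:
            if skip_without_sla:
                continue      # reporter's fix: no SLA, so nothing to report
            sla_age = 0       # reported behaviour: None is coerced to 0
        if sla_age <= 0:      # == 0 is from the report; < 0 is assumed here
            breached.append(f.title)
    return breached


# Constructed sample data.
TODAY = date(2024, 1, 10)
SAMPLE = [
    Finding("low, SLA disabled", "Low", None),
    Finding("high, overdue", "High", date(2024, 1, 8)),
    Finding("high, within SLA", "High", date(2024, 1, 20)),
]

if __name__ == "__main__":
    print("coerce None to 0:", notified_breaches(SAMPLE, TODAY, False))
    print("skip None:       ", notified_breaches(SAMPLE, TODAY, True))
```

The two calls double as a regression check: the finding with no SLA should appear only when `None` is coerced to 0.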