dashboard: last 7 days should be 7 days #11702

Open
wants to merge 4 commits into
base: bugfix

valentijnscholten
Member

Fixes #11541


dryrunsecurity bot commented Jan 31, 2025

DryRun Security Summary

The code changes primarily focus on updating the dashboard functionality by modifying the date range for data filtering and adjusting unit tests, with no apparent security vulnerabilities introduced, though proper review of access control and authorization mechanisms is recommended.


Summary:

The provided code changes are focused on updates to the dashboard functionality of the application, including modifications to the date range used for filtering data and updates to the unit tests for the dashboard. From an application security perspective, these changes do not introduce any obvious security vulnerabilities.

The changes to the dojo/home/views.py file update the date_range variable to include the last 7 days, including the current day, which is a straightforward update and does not seem to have any security implications. However, it's important to review the broader context of the application, such as the implementation of the get_authorized_engagements and get_authorized_findings functions, to ensure proper access control and authorization checks.

The changes to the unittests/test_dashboard.py file focus on updating the expected values for various counters in the dashboard tests. While these changes do not directly involve security-related functionality, there are a few points worth noting, such as the use of hardcoded dates, mocking of the timezone.now() function, the deactivation of the deduplication feature, and the bulk creation of findings. These aspects should be reviewed to ensure that the application can handle a wide range of scenarios, including edge cases, and that any security-related features are properly tested.

Overall, the provided code changes appear to be focused on improving the functionality and testing of the dashboard, and they do not introduce any obvious security concerns. However, it's always important to conduct a comprehensive security review of the entire application to identify and address any potential vulnerabilities.

Files Changed:

  1. dojo/home/views.py: The changes update the date_range variable in the dashboard function to include the last 7 days, including the current day, which is a straightforward update and does not seem to have any security implications.
  2. unittests/test_dashboard.py: The changes update the expected values for various counters in the dashboard tests, such as the engagement count, finding count, mitigated count, and accepted count. While these changes do not directly involve security-related functionality, there are a few points worth noting, such as the use of hardcoded dates, mocking of the timezone.now() function, the deactivation of the deduplication feature, and the bulk creation of findings.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.


DryRun Security Summary

The code change modifies the date range in the dashboard function from "today - 6 days" to "today - 7 days" to include the current day, which appears security-neutral but warrants thorough testing to ensure no unintended consequences.


Summary:

The code change in the provided patch appears to be a minor adjustment to the date range used in the dashboard function. Specifically, the code changes the date range from "today - 6 days" to "today - 7 days", effectively including the current day in the 7-day range. From an application security perspective, this change does not introduce any obvious security concerns, as it is a simple adjustment to the date range and does not involve any complex logic or potentially vulnerable operations.

However, it's always important to review the entire codebase and consider the broader context of the application to ensure that there are no other security implications. For example, it would be good to verify that the findings data being displayed is properly sanitized and that there are no potential injection vulnerabilities or other security issues in the surrounding code. Additionally, it's worth considering whether the change in date range might have any unintended consequences or impact on the application's functionality. While the change seems minor, it's always important to thoroughly test any code changes to ensure they do not introduce unexpected behavior or regressions.

Files Changed:

  • dojo/home/views.py: The code change in this file adjusts the date range used in the dashboard function from "today - 6 days" to "today - 7 days", effectively including the current day in the 7-day range. This change does not introduce any obvious security concerns, but a comprehensive review of the codebase and thorough testing would be recommended to ensure the application's security and stability.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Contributor

@mtesauro mtesauro left a comment


Approved

3 participants