Glenn ten Cate
@blabla1337
@balajiswami14 @danspils_twitter
Just for my information, the updating of any ASVS checklist is not working?
because the message I see is indeed related to the input validation we do
Glenn ten Cate
@blabla1337
Hmm there was a max length as well that disabled the update button as the titles of the security controls were too long
but in my case it was disabled so the update button didn't work
what type of input did you use when you got back the error message?
Validation Error on val_alpha_num_special
So what security control did you try to update
and what did you try to change?
so I can reproduce it here as well
Glenn ten Cate
@blabla1337
@balajiswami14 about your remarks on the readme.io documentation. This is a bit outdated, I'm afraid; what you see is the functionality of how SKF was in the past. The in-depth audit functionality with the Developer Role and Security role we removed, as the feedback we got was that it's not used and is done in the companies' own tracking / vulnerability systems. Also, the manage users part we removed as well, as we are now working on getting SAML integration, so the whole Manage Users part will be done outside of SKF. Again, the companies want that and not the manual creation and managing
So yeah good point we need to update the readme.io site :P
DanspilS 🌍
@danspils_twitter
Here's my steps:
  1. create new checklist called test and give it some alphanumeric (no specials) entries in each box.
  2. go to manage checklist page and click update on the one you created above.
  3. tweak some of the text (still no specials) in the checklist description box and hit update.
  4. watch the console explode! or at least 400 on the PUT.
Glenn ten Cate
@blabla1337
check, I just found it
had to enable persistent logs in developer of Firefox...
Glenn ten Cate
@blabla1337
ok I found the problem
foobar @ " ' () ; a-z A-Z 0-9 _ . , - / ! # ^ & +'
is all good
but this one \
is triggering it
should I also add |
?
for the checklist title I have now these working characters that are allowed
foobar @ " ' () ; a-z A-Z 0-9 _ . , - / ! # ^ & +' \ : |
DanspilS 🌍
@danspils_twitter
(Y)
Glenn ten Cate
@blabla1337
ok let me commit
and roll out version 3.0.4
balajiswami14
@balajiswami14

@blabla1337 Checklist Options -> Manage checklists -> Select any one checklist -> Add checklist items -> Checklist edit options -> Click on any checklist item a.k.a the ASVS control

Say, if you want to choose a different "KB item" for a particular control and you select it, applying the "Update" button doesn't work. Also the checklist title isn't editable as well.

Eg:
Checklist title: "Verify that passwords can contain spaces and truncation is not performed. Consecutive multiple spaces MAY optionally be coalesced"

This isn't editable and the "Update" isn't getting committed
Glenn ten Cate
@blabla1337
Check I also noticed that
but it was due to the fact of the max length of the field
I also removed that
for me the update button worked then
plus the special chars like | \
were not allowed and that triggered the 400 response
is also fixed now
Glenn ten Cate
@blabla1337
Ok I have updated the docker images
new versions are available with these fixes
DanspilS 🌍
@danspils_twitter
super support! confirmed part fixed in angular:1.3 and api:1.3. partly fixed because I can now update a checklist unless I use a return character. e.g. if I enter a description of test1 test2 then it works fine but put a return /n between test1 and test2 and I get the same error as before.
balajiswami14
@balajiswami14

Thanks a ton for the quick support!! The edit works like a charm now :)

Agree on the documentation part wrt the User management and the Developer/Security role options. I too am planning to integrate this with our JIRA.

Would be great if you can take a look at the 3rd item I mentioned.

//

  1. https://skf.readme.io/docs/post-development-stage
    I just set some controls as True & False but that data doesn't appear in the Summary tab - where it is supposed to show the open, closed items etc in Red, Green etc.//
Glenn ten Cate
@blabla1337
@danspils_twitter let's see if we need that in the security control titles \, as for us we never came across that need :P
we can always modify it and add it if its really necessary
@balajiswami14 aah check perfect, yes indeed we made it more basic than we had before
we can make it a bit more fancy in the future again
we are currently busy with the SAML integration
after that we will have a look at those nice UI improvements :)
DanspilS 🌍
@danspils_twitter
Ah this isn't in the title, it's in the Checklist description
Glenn ten Cate
@blabla1337
Ooh crap ^^
Yes that we need to allow indeed