
Merge pull request #8986 from DefectDojo/master-into-dev/2.28.1-2.29.0-dev

Release: Merge back 2.28.1 into dev from: master-into-dev/2.28.1-2.29.0-dev
Maffooch authored Nov 13, 2023
2 parents 586dd77 + 5412d8c commit bffcb5e
Showing 17 changed files with 299 additions and 138 deletions.
2 changes: 1 addition & 1 deletion .dryrunsecurity.yaml
@@ -64,4 +64,4 @@ allowedAuthors:
- blakeowens
notificationList:
- '@mtesauro'
- '@grendel513'
- '@grendel513'
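Review bot: the removed and the added line are both `- '@grendel513'`, so the only difference in this hunk is invisible in the rendered diff (trailing whitespace or the missing end-of-file newline); a one-line mention in the PR description would save the next reviewer from hunting for it.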
2 changes: 1 addition & 1 deletion docs/content/en/getting_started/architecture.md
@@ -25,7 +25,7 @@ for asynchronous execution. [RabbitMQ](https://www.rabbitmq.com/) is a well esta

## Celery Worker

Tasks like deduplication or the JIRA synchonization are performed asynchronously
Tasks like deduplication or the JIRA synchronization are performed asynchronously
in the background by the [Celery](https://docs.celeryproject.org/en/stable/)
Worker.
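Review bot: while this sentence is being touched, the Celery link still points at docs.celeryproject.org; the Celery documentation has moved to https://docs.celeryq.dev/en/stable/ and the old host only redirects, so update the link in the same change.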

4 changes: 4 additions & 0 deletions docs/content/en/getting_started/upgrading.md
@@ -72,6 +72,10 @@ godojo installations
If you have installed DefectDojo on "iron" and wish to upgrade the installation, please see the [instructions in the repo](https://github.com/DefectDojo/godojo/blob/master/docs-and-scripts/upgrading.md).
## Upgrading to DefectDojo Version 2.28.x.
There are no special instruction for upgrading to 2.28.0. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.28.0) for the contents of the release.
## Upgrading to DefectDojo Version 2.27.x.
There are no special instruction for upgrading to 2.27.0. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.27.0) for the contents of the release.
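Review bot: "There are no special instruction for upgrading to 2.28.0" should read "instructions"; the 2.27.x entry it was copied from carries the same typo, so fix both while here. Since this merge-back carries 2.28.1 but the new entry links only the 2.28.0 release notes under a "2.28.x" heading, consider also linking the 2.28.1 notes (or the releases page) so patch releases do not fall through the gap.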
3 changes: 3 additions & 0 deletions docs/content/en/integrations/burp-plugin.md
@@ -5,6 +5,9 @@ draft: false
weight: 8
---

**Please note: The DefectDojo Burp Plugin has been sunset and is no longer a supported feature.**

Burp is still a supported tool, and all the results from it can be imported into DefectDojo. Burp can produce XML reports and these can be uploaded to DefectDojo using the graphical user interface or the API. Our documentation at https://documentation.defectdojo.com/integrations/parsers/file/burp/ describes this usage.

This is Burp Plugin to export findings directly to DefectDojo.
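Review bot: the sunset notice is immediately followed by the unchanged "This is Burp Plugin to export findings directly to DefectDojo.", which still describes the plugin in the present tense (and is missing an article: "This is the Burp Plugin"); either reword the rest of the page as historical or put it under a heading that marks it as the former functionality. The new paragraph also links the hosted docs site by absolute URL (https://documentation.defectdojo.com/integrations/parsers/file/burp/); a relative link within this docs tree keeps working in local builds and versioned copies.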

2 changes: 1 addition & 1 deletion docs/content/en/integrations/parsers/api/sonarqube.md
@@ -13,7 +13,7 @@ Extras field separated by commas (e.g. `BUG,VULNERABILITY,CODE_SMELL`). When usi
SonarCloud, you must also specify the Organization ID in the Extras field as follows
`OrgID=sonarcloud-organzation-ID`. If also specifying issue type filters, please
seperate the items in the Extras field by a vertical bar as follows
`BUG,VULNERABILITY,CODE_SMEL|OrgID=sonarcloud-organzation-ID`
`BUG,VULNERABILITY,CODE_SMELL|OrgID=sonarcloud-organzation-ID`

In "Add API Scan Configuration"
- `Service key 1` must
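Review bot: the fix only catches `CODE_SMEL`; the corrected line still reads `OrgID=sonarcloud-organzation-ID`, the same placeholder typo appears two lines earlier, and the line before that has `seperate`. Since the hunk already touches the Extras example, correct all three so a user copying the line literally gets `OrgID=sonarcloud-organization-ID`.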
2 changes: 1 addition & 1 deletion dojo/decorators.py
@@ -182,7 +182,7 @@ def _wrapped(request, *args, **kw):
if username:
dojo_user = Dojo_User.objects.filter(username=username).first()
if dojo_user:
Dojo_User.enable_force_password_rest(dojo_user)
Dojo_User.enable_force_password_reset(dojo_user)
raise Ratelimited()
return fn(request, *args, **kw)
return _wrapped
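Review bot: if `enable_force_password_rest` never existed on `Dojo_User`, the old call raised `AttributeError` inside the rate-limit branch before `raise Ratelimited()` was reached, so the forced reset was never applied to the account; add a regression test that trips the limit with a valid username, asserts the user's force-reset flag is set, and asserts that `Ratelimited` still propagates. A comment above the lookup would also help: assuming `username` is taken from the request being limited, anyone who can hit the limit while supplying a victim's username forces that account into a reset, which is an intentional lockout-style trade-off but should be stated where the code makes it.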
37 changes: 29 additions & 8 deletions dojo/models.py
@@ -2967,20 +2967,41 @@ def get_breadcrumbs(self):
'url': reverse('view_finding', args=(self.id,))}]
return bc

def get_valid_request_response_pairs(self):
empty_value = base64.b64encode("".encode())
# Get a list of all req/resp pairs
all_req_resps = self.burprawrequestresponse_set.all()
# Filter away those that do not have any contents
valid_req_resps = all_req_resps.exclude(
burpRequestBase64__exact=empty_value,
burpResponseBase64__exact=empty_value,
)

return valid_req_resps

def get_report_requests(self):
if self.burprawrequestresponse_set.count() >= 3:
return self.burprawrequestresponse_set.all()[0:3]
elif self.burprawrequestresponse_set.count() > 0:
return self.burprawrequestresponse_set.all()
# Get the list of request response pairs that are non empty
request_response_pairs = self.get_valid_request_response_pairs()
# Determine how many to return
if request_response_pairs.count() >= 3:
return request_response_pairs[0:3]
elif request_response_pairs.count() > 0:
return request_response_pairs

def get_request(self):
if self.burprawrequestresponse_set.count() > 0:
reqres = self.burprawrequestresponse_set().first()
# Get the list of request response pairs that are non empty
request_response_pairs = self.get_valid_request_response_pairs()
# Determine what to return
if request_response_pairs.count() > 0:
reqres = request_response_pairs.first()
return base64.b64decode(reqres.burpRequestBase64)

def get_response(self):
if self.burprawrequestresponse_set.count() > 0:
reqres = self.burprawrequestresponse_set.first()
# Get the list of request response pairs that are non empty
request_response_pairs = self.get_valid_request_response_pairs()
# Determine what to return
if request_response_pairs.count() > 0:
reqres = request_response_pairs.first()
res = base64.b64decode(reqres.burpResponseBase64)
# Removes all blank lines
res = re.sub(r'\n\s*\n', '\n', res)
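Review bot: `exclude(burpRequestBase64__exact=empty_value, burpResponseBase64__exact=empty_value)` excludes only rows where both fields are empty (`NOT (request empty AND response empty)`), so a pair with an empty request and a non-empty response still counts as valid and `get_request` returns `b''` for it; if that is intended, say so in the comment, otherwise chain two `.exclude()` calls. `get_report_requests` also runs `.count()` twice and then slices a related queryset with no explicit ordering, so "the first three" can differ between calls unless the model has a default ordering; one `.order_by('id')` followed by the slice is cheaper and stable. Finally, in the unchanged tail of `get_response`, `base64.b64decode` returns bytes while `re.sub(r'\n\s*\n', '\n', res)` uses str patterns, which raises `TypeError` on a bytes-like object; decode to str first or use bytes patterns (`rb'\n\s*\n'`, `b'\n'`).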
2 changes: 1 addition & 1 deletion dojo/reports/views.py
@@ -110,7 +110,7 @@ def custom_report(request):
return render(request,
'dojo/custom_html_report.html',
{"widgets": widgets,
"host": host,
"host": "",
"finding_notes": finding_notes,
"finding_images": finding_images,
"user_id": request.user.id})
57 changes: 40 additions & 17 deletions dojo/templates/dojo/endpoint_pdf_report.html
@@ -170,32 +170,55 @@ <h5>

{% include "dojo/snippets/endpoints.html" with finding=finding destination="Report" %}

<h6>CVSS v3</h6>
<pre>{{ finding.cvssv3 }}</pre>
{% if finding.cvssv3 %}
<h6>CVSS v3</h6>
<pre>{{ finding.cvssv3|markdown_render }}</pre>
{% endif %}

<h6>Description</h6>
<pre>{{ finding.description }}</pre>
<h6>Mitigation</h6>
<pre>{{ finding.mitigation }}</pre>
{% if finding.get_report_requests %}
<pre>{{ finding.description|markdown_render }}</pre>

{% if finding.mitigation %}
<h6>Mitigation</h6>
<pre>{{ finding.mitigation|markdown_render }}</pre>
{% endif %}

{% if finding.get_report_requests %}
<h5>Sample Request(s): Displaying {{finding.get_report_requests.count}} of {{finding.burprawrequestresponse_set.count}}</h5>
{% for req in finding.get_report_requests %}
<h6>Request {{forloop.counter}} </h6>
<pre>{{ req.get_request }}</pre>
{% if req.get_response %}
<h6>Response {{forloop.counter}}</h6>
<pre>{{ req.get_response|truncatechars_html:800 }}</pre>
{% endif %}
<h6>Request {{forloop.counter}} </h6>
<pre class="raw_request">{{ req.get_request }}</pre>
{% if req.get_response != "" %}
<h6>Response {{forloop.counter}}</h6>
<pre class="raw_request">{{ req.get_response|truncatechars_html:800 }}</pre>
{% endif %}
{% endfor %}
{% endif %}
{% endif %}

{% if finding.impact %}
<h6>Impact</h6>
<pre>{{ finding.impact|markdown_render }}</pre>
{% endif %}

{% if finding.steps_to_reproduce %}
<h6>Steps to Reproduce</h6>
<pre>{{ finding.steps_to_reproduce|markdown_render }}</pre>
{% endif %}

<h6>Impact</h6>
<pre>{{ finding.impact }}</pre>
<h6>References</h6>
<pre>{{ finding.references }}</pre>
{% if finding.severity_justification %}
<h6>Severity Justification</h6>
<pre>{{ finding.severity_justification|markdown_render }}</pre>
{% endif %}

{% if finding.references %}
<h6>References</h6>
<pre>{{ finding.references|markdown_render }}</pre>
{% endif %}

{% if include_finding_images %}
{% include "dojo/snippets/file_images.html" with size='original' obj=finding format="HTML" %}
{% endif %}

{% if include_finding_notes %}
{% with notes=finding.notes.all|get_public_notes %}
{% if notes.count > 0 %}
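Review bot: the "Sample Request(s): Displaying X of Y" line now mixes two different counts: X is `finding.get_report_requests.count` over the filtered non-empty pairs while Y is `finding.burprawrequestresponse_set.count` over every pair, so a finding with two usable pairs and three empty ones reads "Displaying 2 of 5"; count both from the same filtered source or drop Y. `finding.get_report_requests` is also evaluated three times here (the `{% if %}`, the `.count`, and the `{% for %}`), each rebuilding the queryset; wrap the block in `{% with reqs=finding.get_report_requests %}` and reuse `reqs`.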
54 changes: 34 additions & 20 deletions dojo/templates/dojo/engagement_pdf_report.html
@@ -295,41 +295,55 @@ <h5>

{% include "dojo/snippets/endpoints.html" with finding=finding destination="Report" %}

<h6>CVSS v3</h6>
<pre>{{ finding.cvssv3|markdown_render }}</pre>
{% if finding.cvssv3 %}
<h6>CVSS v3</h6>
<pre>{{ finding.cvssv3|markdown_render }}</pre>
{% endif %}

<h6>Description</h6>
<pre>{{ finding.description|markdown_render }}</pre>

<h6>Mitigation</h6>
<pre>{{ finding.mitigation|markdown_render }}</pre>
{% if finding.get_report_requests %}
{% if finding.mitigation %}
<h6>Mitigation</h6>
<pre>{{ finding.mitigation|markdown_render }}</pre>
{% endif %}

{% if finding.get_report_requests %}
<h5>Sample Request(s): Displaying {{finding.get_report_requests.count}} of {{finding.burprawrequestresponse_set.count}}</h5>
{% for req in finding.get_report_requests %}
<h6>Request {{forloop.counter}} </h6>
<pre>{{ req.get_request }}</pre>
{% if req.get_response %}
<h6>Response {{forloop.counter}}</h6>
<pre>{{ req.get_response|truncatechars_html:800 }}</pre>
{% endif %}
<h6>Request {{forloop.counter}} </h6>
<pre class="raw_request">{{ req.get_request }}</pre>
{% if req.get_response != "" %}
<h6>Response {{forloop.counter}}</h6>
<pre class="raw_request">{{ req.get_response|truncatechars_html:800 }}</pre>
{% endif %}
{% endfor %}
{% endif %}
{% endif %}

<h6>Impact</h6>
<pre>{{ finding.impact|markdown_render }}</pre>
{% if finding.impact %}
<h6>Impact</h6>
<pre>{{ finding.impact|markdown_render }}</pre>
{% endif %}

{% if finding.steps_to_reproduce %}
<h6>Steps to Reproduce</h6>
<pre>{{ finding.steps_to_reproduce|markdown_render }}</pre>
<h6>Steps to Reproduce</h6>
<pre>{{ finding.steps_to_reproduce|markdown_render }}</pre>
{% endif %}

{% if finding.severity_justification %}
<h6>Severity Justification</h6>
<pre>{{ finding.severity_justification|markdown_render }}</pre>
<h6>Severity Justification</h6>
<pre>{{ finding.severity_justification|markdown_render }}</pre>
{% endif %}

{% if finding.references %}
<h6>References</h6>
<pre>{{ finding.references|markdown_render }}</pre>
{% endif %}
<h6>References</h6>
<pre>{{ finding.references|markdown_render }}</pre>

{% if include_finding_images %}
{% include "dojo/snippets/file_images.html" with size='original' obj=finding format="HTML" %}
{% endif %}

{% if include_finding_notes %}
{% with notes=finding.notes.all|get_public_notes %}
{% if notes.count > 0 %}
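Review bot: this is the third copy of the same finding block in this commit (the endpoint and finding PDF reports receive identical edits), and these templates already share `dojo/snippets/endpoints.html`; move the CVSS/Description/Mitigation/request section into a snippet so the next fix does not have to land three times. Also, `markdown_render` now emits HTML inside `<pre>`, where the lists and paragraphs it produces render with whitespace preserved; a `<div>` is the right container for rendered markdown, and since the PDF engine renders whatever HTML ends up here, confirm that the filter sanitizes its output before marking it safe.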
59 changes: 42 additions & 17 deletions dojo/templates/dojo/finding_pdf_report.html
@@ -146,30 +146,55 @@ <h5>

{% include "dojo/snippets/endpoints.html" with finding=finding destination="Report" %}

<h6>CVSS v3</h6>
<pre>{{ finding.cvssv3 }}</pre>
{% if finding.cvssv3 %}
<h6>CVSS v3</h6>
<pre>{{ finding.cvssv3|markdown_render }}</pre>
{% endif %}

<h6>Description</h6>
<pre>{{ finding.description }}</pre>
<h6>Mitigation</h6>
<pre>{{ finding.mitigation }}</pre>
{% if finding.get_report_requests %}
<pre>{{ finding.description|markdown_render }}</pre>

{% if finding.mitigation %}
<h6>Mitigation</h6>
<pre>{{ finding.mitigation|markdown_render }}</pre>
{% endif %}

{% if finding.get_report_requests %}
<h5>Sample Request(s): Displaying {{finding.get_report_requests.count}} of {{finding.burprawrequestresponse_set.count}}</h5>
{% for req in finding.get_report_requests %}
<h6>Request {{forloop.counter}} </h6>
<pre>{{ req.get_request }}</pre>
{% if req.get_response %}
<h6>Response {{forloop.counter}}</h6>
<pre>{{ req.get_response|truncatechars_html:800 }}</pre>
{% endif %}
<h6>Request {{forloop.counter}} </h6>
<pre class="raw_request">{{ req.get_request }}</pre>
{% if req.get_response != "" %}
<h6>Response {{forloop.counter}}</h6>
<pre class="raw_request">{{ req.get_response|truncatechars_html:800 }}</pre>
{% endif %}
{% endfor %}
{% endif %}
<h6>Impact</h6>
<pre>{{ finding.impact }}</pre>
<h6>References</h6>
<pre>{{ finding.references }}</pre>
{% endif %}

{% if finding.impact %}
<h6>Impact</h6>
<pre>{{ finding.impact|markdown_render }}</pre>
{% endif %}

{% if finding.steps_to_reproduce %}
<h6>Steps to Reproduce</h6>
<pre>{{ finding.steps_to_reproduce|markdown_render }}</pre>
{% endif %}

{% if finding.severity_justification %}
<h6>Severity Justification</h6>
<pre>{{ finding.severity_justification|markdown_render }}</pre>
{% endif %}

{% if finding.references %}
<h6>References</h6>
<pre>{{ finding.references|markdown_render }}</pre>
{% endif %}

{% if include_finding_images %}
{% include "dojo/snippets/file_images.html" with size='original' obj=finding format="HTML" %}
{% endif %}

{% if include_finding_notes %}
{% with notes=finding.notes.all|get_public_notes %}
{% if notes.count > 0 %}
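Review bot: `{% if req.get_response != "" %}` is stricter than the `{% if req.get_response %}` it replaces: if `get_response` returns `None` or bytes (`b''`) rather than a str, the comparison is true and an empty "Response N" section is emitted, whereas the truthiness test already covered the empty string and those cases; keep the truthiness form unless there is a reason to render a falsy response. The request is still printed in full with `{{ req.get_request }}` while the response is cut at `truncatechars_html:800`; a large request body (an upload, for instance) will bloat the PDF, so apply the same truncation to both.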