From 4ae43b77cefe4312495ec42b4a2279069f2f74bf Mon Sep 17 00:00:00 2001
From: DefectDojo release bot
Date: Wed, 8 May 2024 01:35:41 +0000
Subject: [PATCH 1/8] Update versions in application files
---
 components/package.json | 2 +-
 dojo/__init__.py | 2 +-
 helm/defectdojo/Chart.yaml | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/components/package.json b/components/package.json
index 1b0d3b3ced8..1b5079c0a74 100644
--- a/components/package.json
+++ b/components/package.json
@@ -1,6 +1,6 @@
 {
 "name": "defectdojo",
- "version": "2.34.1",
+ "version": "2.35.0-dev",
 "license" : "BSD-3-Clause",
 "private": true,
 "dependencies": {
diff --git a/dojo/__init__.py b/dojo/__init__.py
index f5f6e590d5b..abc693bf24b 100644
--- a/dojo/__init__.py
+++ b/dojo/__init__.py
@@ -4,6 +4,6 @@ # Django starts so that shared_task will use this app.
 from .celery import app as celery_app # noqa: F401
-__version__ = '2.34.1'
+__version__ = '2.35.0-dev'
 __url__ = 'https://github.com/DefectDojo/django-DefectDojo'
 __docs__ = 'https://documentation.defectdojo.com'
diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml
index 3a7eff08849..904022fb707 100644
--- a/helm/defectdojo/Chart.yaml
+++ b/helm/defectdojo/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: "2.34.1"
+appVersion: "2.35.0-dev"
 description: A Helm chart for Kubernetes to install DefectDojo
 name: defectdojo
-version: 1.6.127
+version: 1.6.128-dev
 icon: https://www.defectdojo.org/img/favicon.ico
 maintainers:
 - name: madchap
From 965a68d1fab941b6e43a541974b16c2a91ae62ca Mon Sep 17 00:00:00 2001
From: manuelsommer <47991713+manuel-sommer@users.noreply.github.com>
Date: Wed, 8 May 2024 23:49:11 +0200
Subject: [PATCH 2/8] remove cve field from docs (#10110)
---
 docs/content/en/contributing/how-to-write-a-parser.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/content/en/contributing/how-to-write-a-parser.md b/docs/content/en/contributing/how-to-write-a-parser.md
index 71141fcd1b0..57a768008be 100644
--- a/docs/content/en/contributing/how-to-write-a-parser.md
+++ b/docs/content/en/contributing/how-to-write-a-parser.md
@@ -157,7 +157,7 @@ Good example:
 ```python
 if "mykey" in data:
- finding.cve = data["mykey"]
+ finding.cwe = data["mykey"]
 ```
 ### Do not parse CVSS by hand (vector, score or severity)
@@ -244,7 +244,7 @@ For ex:
 self.assertEqual(True, finding.verified)
 self.assertEqual(False, finding.duplicate)
 self.assertIn(finding.severity, Finding.SEVERITIES)
- self.assertEqual("CVE-2020-36234", finding.cve)
+ self.assertEqual("CVE-2020-36234", finding.vulnerability_ids[0])
 self.assertEqual(261, finding.cwe)
 self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", finding.cvssv3)
 self.assertIn("security", finding.tags)
From 88b44d9e701124d4e0f38361f6803b4d931509db Mon Sep 17 00:00:00 2001
From: Blake Owens <76979297+blakeaowens@users.noreply.github.com>
Date: Wed, 8 May 2024 17:45:11 -0500
Subject: [PATCH 3/8] fix incorrect get, add annotation (#10163)
---
 dojo/product/views.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/dojo/product/views.py b/dojo/product/views.py
index 024b5c5d02e..e98d471ad62 100644
--- a/dojo/product/views.py
+++ b/dojo/product/views.py
@@ -500,6 +500,8 @@ def endpoint_querys(request, prod):
 'finding__cwe'
 ).annotate(
 count=Count('finding__cwe')
+ ).annotate(
+ cwe=F('finding__cwe')
 )
 filters['all_vulns'] = endpoints_qs.filter(
@@ -508,6 +510,8 @@ def endpoint_querys(request, prod):
 'finding__cwe'
 ).annotate(
 count=Count('finding__cwe')
+ ).annotate(
+ cwe=F('finding__cwe')
 )
 filters['start_date'] = start_date
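Review bot: Both `endpoint_querys` hunks (@@ -500 and @@ -508) chain a second `.annotate()` immediately after the first, where one call carrying both expressions reads more directly: `).annotate(count=Count('finding__cwe'), cwe=F('finding__cwe'))`. As far as I can tell Django composes consecutive annotate calls into the same query, so this is a point of style rather than behaviour. The new lines use `F(...)` and the diffstat (5 insertions, 1 deletion) shows no import was added, so `F` presumably is already imported at the top of `dojo/product/views.py`; worth confirming, since a missing import would only surface as a `NameError` when the view runs. `endpoint_querys` starts and ends outside these hunks.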
@@ -610,7 +614,7 @@ def view_product_metrics(request, pid):
 if view == 'Finding':
 severity = finding.get('severity')
 elif view == 'Endpoint':
- severity = finding.finding.get('severity')
+ severity = finding.get('severity')
 finding_age = calculate_finding_age(finding)
 if open_objs_by_age.get(finding_age, None):
From 7258c9e1293cd64dc6148b5b33e28255b1e5f1a3 Mon Sep 17 00:00:00 2001
From: Charles Neill <1749665+cneill@users.noreply.github.com>
Date: Wed, 8 May 2024 17:45:20 -0500
Subject: [PATCH 4/8] Setting status code on 400/500 errors (#10164)
---
 dojo/views.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dojo/views.py b/dojo/views.py
index db90c1f9443..1baee23ad8f 100644
--- a/dojo/views.py
+++ b/dojo/views.py
@@ -27,11 +27,11 @@ def custom_error_view(request, exception=None):
- return render(request, "500.html", {})
+ return render(request, "500.html", {}, status=500)
 def custom_bad_request_view(request, exception=None):
- return render(request, "400.html", {})
+ return render(request, "400.html", {}, status=400)
 def action_history(request, cid, oid):
From b13823aa250e311787e663caa4f4ce763866df1f Mon Sep 17 00:00:00 2001
From: manuelsommer <47991713+manuel-sommer@users.noreply.github.com>
Date: Thu, 9 May 2024 00:45:28 +0200
Subject: [PATCH 5/8] advance vulnerability urls (#10136)
---
 dojo/settings/settings.dist.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py
index 48891b36629..21130b00ac5 100644
--- a/dojo/settings/settings.dist.py
+++ b/dojo/settings/settings.dist.py
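Review bot: After this fix the `if view == 'Finding'` and `elif view == 'Endpoint'` branches in the @@ -610 hunk both execute `severity = finding.get('severity')`, so the conditional no longer distinguishes anything and the three branch lines can collapse to the single statement `severity = finding.get('severity')`. That also removes the case where a `view` value other than those two leaves `severity` unassigned on this path (unless it is assigned earlier in the function, which is outside the hunk). `view_product_metrics` starts and ends outside the hunk.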
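Review bot: `custom_error_view` and `custom_bad_request_view` now send the right status code, but nothing in the code says why the `status=` argument matters, so a later cleanup could drop it again; a one-line docstring on each handler would pin it, e.g. `"""Render the 500 page with a 500 status so proxies, caches, browsers and monitoring do not record the failure as a successful response."""`. It is also worth stating there that the `exception` argument is accepted to match the handler signature but is intentionally not passed to the template context, so error details stay out of the response body. The enclosing handlers are fully visible; `action_history` continues outside the hunk.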
@@ -1692,6 +1692,9 @@ def saml2_attrib_map_format(dict):
 'RUSTSEC': 'https://rustsec.org/advisories/',
 'VNS': 'https://vulners.com/',
 'RHSA': 'https://access.redhat.com/errata/',
+ 'RHBA': 'https://access.redhat.com/errata/',
+ 'RHEA': 'https://access.redhat.com/errata/',
+ 'FEDORA': 'https://bodhi.fedoraproject.org/updates/',
 }
 # List of acceptable file types that can be uploaded to a given object via arbitrary file upload
 FILE_UPLOAD_TYPES = env("DD_FILE_UPLOAD_TYPES")
From 610c900bfa33bc2552f851ee110127147733de2d Mon Sep 17 00:00:00 2001
From: manuelsommer <47991713+manuel-sommer@users.noreply.github.com>
Date: Thu, 9 May 2024 00:45:39 +0200
Subject: [PATCH 6/8] :lipstick: remove unnecessary content from redhatsatellite findings (#10134)
---
 dojo/tools/redhatsatellite/parser.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/dojo/tools/redhatsatellite/parser.py b/dojo/tools/redhatsatellite/parser.py
index f241e18ee45..65973c153f3 100644
--- a/dojo/tools/redhatsatellite/parser.py
+++ b/dojo/tools/redhatsatellite/parser.py
@@ -61,8 +61,10 @@ def get_findings(self, filename, test):
 description += "**hosts_available_count:** " + str(hosts_available_count) + "\n"
 description += "**hosts_applicable_count:** " + str(hosts_applicable_count) + "\n"
 description += "**installable:** " + str(installable) + "\n"
- description += "**bugs:** " + str(bugs) + "\n"
- description += "**module_streams:** " + str(module_streams) + "\n"
+ if bugs != []:
+ description += "**bugs:** " + str(bugs) + "\n"
+ if module_streams != []:
+ description += "**module_streams:** " + ', '.join(module_streams) + "\n"
 description += "**packages:** " + ', '.join(packages)
 find = Finding(
 title=title,
From 36b6d23c0caa31695250e5832a4ab55c90a1b894 Mon Sep 17 00:00:00 2001
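Review bot: `if bugs != []:` and `if module_streams != []:` in the @@ -61 hunk only guard against an empty list; if either value can be `None` (for instance from a `.get()` on a key absent from the Satellite export — the assignments are outside the hunk), `None != []` is true and `', '.join(None)` raises `TypeError`, where the removed `str(module_streams)` form rendered it harmlessly. A truthiness check covers both the empty and the missing case: `if bugs:` and `if module_streams:`. `', '.join` also requires every stream to be a `str`; if the export does not guarantee that, `', '.join(str(s) for s in module_streams)` keeps the parser from failing on a single non-string entry. `get_findings` starts and ends outside the hunk.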
From: manuelsommer <47991713+manuel-sommer@users.noreply.github.com>
Date: Thu, 9 May 2024 00:45:50 +0200
Subject: [PATCH 7/8] :lipstick: remove unnecessary content from sonarqube findings (#10133)
* :lipstick: remove unnecessary content from sonarqube findings
* ruff linter
---
 .../tools/sonarqube/sonarqube_restapi_json.py | 74 ++++++++++++-------
 1 file changed, 48 insertions(+), 26 deletions(-)
diff --git a/dojo/tools/sonarqube/sonarqube_restapi_json.py b/dojo/tools/sonarqube/sonarqube_restapi_json.py
index 6985117ecd6..e40fc5b8ee0 100644
--- a/dojo/tools/sonarqube/sonarqube_restapi_json.py
+++ b/dojo/tools/sonarqube/sonarqube_restapi_json.py
@@ -14,11 +14,11 @@ def get_json_items(self, json_content, test, mode):
 component = issue.get("component")
 project = issue.get("project")
 line = str(issue.get("line"))
- textRange = str(issue.get("textRange"))
- flows = str(issue.get("flows"))
+ textRange = issue.get("textRange")
+ flows = issue.get("flows")
 status = issue.get("status")
 message = issue.get("message")
- tags = str(issue.get("tags"))
+ tags = issue.get("tags")
 type = issue.get("type")
 scope = issue.get("scope")
 quickFixAvailable = str(issue.get("quickFixAvailable"))
@@ -29,11 +29,17 @@ def get_json_items(self, json_content, test, mode):
 description += "**component:** " + component + "\n"
 description += "**project:** " + project + "\n"
 description += "**line:** " + line + "\n"
- description += "**textRange:** " + textRange + "\n"
- description += "**flows:** " + flows + "\n"
+ if textRange != {}:
+ res = []
+ for item in textRange:
+ res.append(item + ": " + str(textRange[item]))
+ description += "**textRange:** " + ", ".join(res) + "\n"
+ if flows != []:
+ description += "**flows:** " + ", ".join(flows) + "\n"
 description += "**status:** " + status + "\n"
 description += "**message:** " + message + "\n"
- description += "**tags:** " + tags + "\n"
+ if tags != []:
+ description += "**tags:** " + ", ".join(tags) + "\n"
 description += "**type:** " + type + "\n"
 description += "**scope:** " + scope + "\n"
 description += self.returncomponent(json_content, component)
@@ -51,7 +57,7 @@ def get_json_items(self, json_content, test, mode):
 rule = issue.get("rule")
 component = issue.get("component")
 project = issue.get("project")
- flows = str(issue.get("flows"))
+ flows = issue.get("flows")
 status = issue.get("status")
 message = issue.get("message")
 cwe = None
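Review bot: `if textRange != {}:` and `if flows != []:` in the @@ -29 hunk crash on the value `issue.get()` returns for a missing key: `None != {}` is true, so `for item in textRange` and `", ".join(flows)` raise `TypeError`, whereas the removed `str(issue.get(...))` form rendered a missing value harmlessly. The same guards recur for `tags` in this hunk, for `flows`/`codeVariants`/`tags` at @@ -80, for `textRange`/`flows`/`tags`/`codeVariants` at @@ -138 and for `textRange`/`flows`/`messageFormattings` at @@ -191, so one fix should cover all four sites. `", ".join(...)` additionally requires every element to be a `str`; if SonarQube returns structured entries in `flows` or `messageFormattings`, the join raises as well. Two small helpers on the class that test truthiness and stringify elements would replace every guard, as sketched below for this hunk. `get_json_items` starts and ends outside every hunk.
```python
    def _join_values(self, values):
        # None / missing key / empty list all render as nothing; elements are
        # stringified so a non-string entry cannot break str.join.
        if not values:
            return ""
        return ", ".join(str(value) for value in values)

    def _format_text_range(self, text_range):
        if not text_range:
            return ""
        return ", ".join(key + ": " + str(text_range[key]) for key in text_range)

    # … unchanged: get_json_items field extraction …
            if textRange:
                description += "**textRange:** " + self._format_text_range(textRange) + "\n"
            if flows:
                description += "**flows:** " + self._join_values(flows) + "\n"
            # … unchanged: status / message lines …
            if tags:
                description += "**tags:** " + self._join_values(tags) + "\n"
```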
@@ -80,20 +86,23 @@ def get_json_items(self, json_content, test, mode):
 component_version = None
 scope = issue.get("scope")
 quickFixAvailable = str(issue.get("quickFixAvailable"))
- codeVariants = str(issue.get("codeVariants"))
- tags = str(issue.get("tags"))
+ codeVariants = issue.get("codeVariants")
+ tags = issue.get("tags")
 description = ""
 description += "**key:** " + key + "\n"
 description += "**rule:** " + rule + "\n"
 description += "**component:** " + component + "\n"
 description += "**project:** " + project + "\n"
- description += "**flows:** " + flows + "\n"
+ if flows != []:
+ description += "**flows:** " + ", ".join(flows) + "\n"
 description += "**status:** " + status + "\n"
 description += "**message:** " + message + "\n"
 description += "**scope:** " + scope + "\n"
 description += "**quickFixAvailable:** " + quickFixAvailable + "\n"
- description += "**codeVariants:** " + codeVariants + "\n"
- description += "**tags:** " + tags + "\n"
+ if codeVariants != []:
+ description += "**codeVariants:** " + ", ".join(codeVariants) + "\n"
+ if tags != []:
+ description += "**tags:** " + ", ".join(tags) + "\n"
 description += self.returncomponent(json_content, component)
 item = Finding(
 title=rule + "_" + key,
@@ -138,27 +147,34 @@ def get_json_items(self, json_content, test, mode):
 component = issue.get("component")
 project = issue.get("project")
 line = str(issue.get("line"))
- textRange = str(issue.get("textRange"))
- flows = str(issue.get("flows"))
+ textRange = issue.get("textRange")
+ flows = issue.get("flows")
 status = issue.get("status")
 message = issue.get("message")
- tags = str(issue.get("tags"))
+ tags = issue.get("tags")
 scope = issue.get("scope")
 quickFixAvailable = str(issue.get("quickFixAvailable"))
- codeVariants = str(issue.get("codeVariants"))
+ codeVariants = issue.get("codeVariants")
 description = ""
 description += "**rule:** " + rule + "\n"
 description += "**component:** " + component + "\n"
 description += "**project:** " + project + "\n"
 description += "**line:** " + line + "\n"
- description += "**textRange:** " + textRange + "\n"
- description += "**flows:** " + flows + "\n"
+ if textRange != {}:
+ res = []
+ for item in textRange:
+ res.append(item + ": " + str(textRange[item]))
+ description += "**textRange:** " + ", ".join(res) + "\n"
+ if flows != []:
+ description += "**flows:** " + ", ".join(flows) + "\n"
 description += "**status:** " + status + "\n"
 description += "**message:** " + message + "\n"
- description += "**tags:** " + tags + "\n"
+ if tags != []:
+ description += "**tags:** " + ", ".join(tags) + "\n"
 description += "**scope:** " + scope + "\n"
 description += "**quickFixAvailable:** " + quickFixAvailable + "\n"
- description += "**codeVariants:** " + codeVariants + "\n"
+ if codeVariants != []:
+ description += "**codeVariants:** " + ", ".join(codeVariants) + "\n"
 description += self.returncomponent(json_content, component)
 item = Finding(
 title=rule + "_" + key,
@@ -179,10 +195,10 @@ def get_json_items(self, json_content, test, mode):
 status = hotspot.get("status")
 line = str(hotspot.get("line"))
 message = hotspot.get("message")
- textRange = str(hotspot.get("textRange"))
- flows = str(hotspot.get("flows"))
+ textRange = hotspot.get("textRange")
+ flows = hotspot.get("flows")
 ruleKey = hotspot.get("ruleKey")
- messageFormattings = str(hotspot.get("messageFormattings"))
+ messageFormattings = hotspot.get("messageFormattings")
 description = ""
 description += "**key:** " + key + "\n"
 description += "**component:** " + component + "\n"
@@ -191,10 +207,16 @@ def get_json_items(self, json_content, test, mode):
 description += "**status:** " + status + "\n"
 description += "**line:** " + line + "\n"
 description += "**message:** " + message + "\n"
- description += "**textRange:** " + textRange + "\n"
- description += "**flows:** " + flows + "\n"
+ if textRange != {}:
+ res = []
+ for item in textRange:
+ res.append(item + ": " + str(textRange[item]))
+ description += "**textRange:** " + ", ".join(res) + "\n"
+ if flows != []:
+ description += "**flows:** " + ", ".join(flows) + "\n"
 description += "**ruleKey:** " + ruleKey + "\n"
- description += "**messageFormattings:** " + messageFormattings + "\n"
+ if messageFormattings != []:
+ description += "**messageFormattings:** " + ", ".join(messageFormattings) + "\n"
 description += self.returncomponent(json_content, component)
 item = Finding(
 title=ruleKey + "_" + key,
From 60b229828b1192ac4b5685ef9106bba5390145bf Mon Sep 17 00:00:00 2001
From: DefectDojo release bot
Date: Wed, 8 May 2024 22:46:47 +0000
Subject: [PATCH 8/8] Update versions in application files
---
 components/package.json | 2 +-
 dojo/__init__.py | 2 +-
 helm/defectdojo/Chart.yaml | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/components/package.json b/components/package.json
index 1b5079c0a74..181803ad677 100644
--- a/components/package.json
+++ b/components/package.json
@@ -1,6 +1,6 @@
 {
 "name": "defectdojo",
- "version": "2.35.0-dev",
+ "version": "2.34.2",
 "license" : "BSD-3-Clause",
 "private": true,
 "dependencies": {
diff --git a/dojo/__init__.py b/dojo/__init__.py
index abc693bf24b..78ba95c1a3c 100644
--- a/dojo/__init__.py
+++ b/dojo/__init__.py
@@ -4,6 +4,6 @@ # Django starts so that shared_task will use this app.
 from .celery import app as celery_app # noqa: F401
-__version__ = '2.35.0-dev'
+__version__ = '2.34.2'
 __url__ = 'https://github.com/DefectDojo/django-DefectDojo'
 __docs__ = 'https://documentation.defectdojo.com'
diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml
index 904022fb707..bf7bafb271d 100644
--- a/helm/defectdojo/Chart.yaml
+++ b/helm/defectdojo/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: "2.35.0-dev"
+appVersion: "2.34.2"
 description: A Helm chart for Kubernetes to install DefectDojo
 name: defectdojo
-version: 1.6.128-dev
+version: 1.6.128
 icon: https://www.defectdojo.org/img/favicon.ico
 maintainers:
 - name: madchap