Merge pull request #10284 from DefectDojo/master-into-dev/2.34.5-2.35…
….0-dev

Release: Merge back 2.34.5 into dev from: master-into-dev/2.34.5-2.35.0-dev
Maffooch authored May 28, 2024
2 parents 28de9e0 + 27b87cd commit 048df00
Showing 8 changed files with 119 additions and 24 deletions.
16 changes: 8 additions & 8 deletions docs/content/en/integrations/source-code-repositories.md
Expand Up @@ -13,13 +13,13 @@ Findings can have a filepath and a line number as the location of the vulnerabil
While editing the Engagement, users can set the URL of the specific SCM repo.
For Interactive Engagement it needs to be the URL including the branch:
- for GitHub - like https://github.com/DefectDojo/django-DefectDojo/tree/dev
![Edit Engagement (GitHub)](../../../static/images/source-code-repositories_1.png)
![Edit Engagement (GitHub)](../../images/source-code-repositories_1.png)
- for GitLab - like https://gitlab.com/gitlab-org/gitlab/-/tree/master
![Edit Engagement (Gitlab)](../../../static/images/source-code-repositories-gitlab_1.png)
![Edit Engagement (Gitlab)](../../images/source-code-repositories-gitlab_1.png)
- for public BitBucket - like (like git clone url)
![Edit Engagement (Bitbucket public)](../../../static/images/source-code-repositories-bitbucket_1.png)
![Edit Engagement (Bitbucket public)](../../images/source-code-repositories-bitbucket_1.png)
- for standalone/onpremise BitBucket https://bb.example.com/scm/some-project/some-repo.git or https://bb.example.com/scm/some-user-name/some-repo.git for user public repo (like git clone url)
![Edit Engagement (Bitbucket standalone)](../../../static/images/source-code-repositories-bitbucket-onpremise_1.png)
![Edit Engagement (Bitbucket standalone)](../../images/source-code-repositories-bitbucket-onpremise_1.png)

For CI/CD Engagement, where user could set commit hash, branch/tag and code line it should look like examples below:
- for GitHub - like https://github.com/DefectDojo/django-DefectDojo
Expand All @@ -33,11 +33,11 @@ SCM navigation URL is composed from Repo URL using SCM Type. Github/Gitlab SCM t

Product custom fields:

![Product custom fields](../../../static/images/product-custom-fields_1.png)
![Product custom fields](../../images/product-custom-fields_1.png)

Product SCM type add:

![Product scm type](../../../static/images/product-scm-type_1.png)
![Product scm type](../../images/product-scm-type_1.png)

Possible SCM types could be 'github', 'gitlab', 'bitbucket', 'bitbucket-standalone', 'gitea', 'codeberg' or nothing (for default github).

Expand All @@ -46,8 +46,8 @@ Possible SCM types could be 'github', 'gitlab', 'bitbucket', 'bitbucket-standalo

When viewing a finding, the location will be presented as a link, if the repository of the source code has been set in the Engagement:

![Link to location](../../../static/images/source-code-repositories_2.png)
![Link to location](../../images/source-code-repositories_2.png)

Clicking on this link will open a new tab in the browser, with the source file of the vulnerability at the corresponding line number:

![View in repository](../../../static/images/source-code-repositories_3.png)
![View in repository](../../images/source-code-repositories_3.png)
25 changes: 16 additions & 9 deletions dojo/tools/ms_defender/parser.py
Expand Up @@ -43,20 +43,19 @@ def get_findings(self, file, test):
if "machines/" in content and "machines/" != content:
machinefiles.append(content)
vulnerabilities = []
machines = []
machines = {}
for vulnerabilityfile in vulnerabilityfiles:
output = json.loads(zipdata[vulnerabilityfile].decode('ascii'))['value']
for data in output:
vulnerabilities.append(data)
for machinefile in machinefiles:
output = json.loads(zipdata[machinefile].decode('ascii'))['value']
for data in output:
machines.append(data)
machines[data.get('id')] = data
for vulnerability in vulnerabilities:
try:
machine = list(filter(lambda m: m['id'] == vulnerability['machineId'], machines))[0]
self.process_zip(vulnerability, machine)
except IndexError:
self.process_zip(vulnerability, machines[vulnerability['machineId']])
except (IndexError, KeyError):
self.process_json(vulnerability)
else:
return []
Expand All @@ -73,15 +72,16 @@ def process_json(self, vulnerability):
title = str(vulnerability['cveId'])
finding = Finding(
title=title + "_" + vulnerability["machineId"],
severity=vulnerability['severity'],
severity=self.severity_check(vulnerability['severity']),
description=description,
static_finding=False,
dynamic_finding=True,
)
if vulnerability['fixingKbId'] is not None:
finding.mitigation = vulnerability['fixingKbId']
if vulnerability['cveId'] is not None:
finding.cve = vulnerability['cveId']
finding.unsaved_vulnerability_ids = []
finding.unsaved_vulnerability_ids.append(vulnerability['cveId'])
self.findings.append(finding)
finding.unsaved_endpoints = []

Expand Down Expand Up @@ -123,15 +123,16 @@ def process_zip(self, vulnerability, machine):
title = title + "_" + str(machine['osPlatform'])
finding = Finding(
title=title + "_" + vulnerability["machineId"],
severity=vulnerability['severity'],
severity=self.severity_check(vulnerability['severity']),
description=description,
static_finding=False,
dynamic_finding=True,
)
if vulnerability['fixingKbId'] is not None:
finding.mitigation = vulnerability['fixingKbId']
if vulnerability['cveId'] is not None:
finding.cve = vulnerability['cveId']
finding.unsaved_vulnerability_ids = []
finding.unsaved_vulnerability_ids.append(vulnerability['cveId'])
self.findings.append(finding)
finding.unsaved_endpoints = []
if machine['computerDnsName'] is not None:
Expand All @@ -140,3 +141,9 @@ def process_zip(self, vulnerability, machine):
finding.unsaved_endpoints.append(Endpoint(host=str(machine['lastIpAddress'])))
if machine['lastExternalIpAddress'] is not None:
finding.unsaved_endpoints.append(Endpoint(host=str(machine['lastExternalIpAddress'])))

def severity_check(self, input):
if input in ['Informational', 'Low', 'Medium', 'High', 'Critical']:
return input
else:
return "Informational"
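Review bot: The broadened `except (IndexError, KeyError)` in get_findings now also catches KeyErrors raised inside process_zip, not only a missing machine, and process_zip appends the finding at `self.findings.append(finding)` before it reads `machine['computerDnsName']`, `machine['lastIpAddress']` and `machine['lastExternalIpAddress']`, so a machine record lacking one of those keys yields one finding from process_zip plus a second from the process_json fallback. Resolving the machine outside the try keeps the fallback for an unknown or absent machineId while letting genuine field errors surface; with the list lookup gone, IndexError can no longer come from the lookup itself. Separately, `severity_check` silently maps any unexpected value to `"Informational"`, which quietly downgrades a finding whose severity vocabulary changed upstream, so logging the raw value there would make such a change visible, and its parameter `input` shadows the builtin. get_findings starts before the hunk and continues past it.
```python
for vulnerability in vulnerabilities:
    # Resolve the machine first so a KeyError inside process_zip is not
    # masked by the process_json fallback (which would duplicate the finding).
    machine = machines.get(vulnerability.get('machineId'))
    if machine is None:
        self.process_json(vulnerability)
    else:
        self.process_zip(vulnerability, machine)
```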
8 changes: 4 additions & 4 deletions helm/defectdojo/Chart.lock
Expand Up @@ -4,15 +4,15 @@ dependencies:
version: 9.19.1
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 15.4.0
version: 15.4.2
- name: postgresql-ha
repository: https://charts.bitnami.com/bitnami
version: 9.4.11
- name: rabbitmq
repository: https://charts.bitnami.com/bitnami
version: 14.3.0
version: 14.3.1
- name: redis
repository: https://charts.bitnami.com/bitnami
version: 19.4.0
digest: sha256:5eabae7691eb49cdc15b3924fd5ed661b4eeb8867761a9f5dda68d750a8deaed
generated: "2024-05-22T18:47:38.838187053Z"
digest: sha256:b3de89f81c87a6801052b0a9367a1cf72921b45326436925d87664ff924505d8
generated: "2024-05-28T18:02:09.89737001Z"
2 changes: 1 addition & 1 deletion helm/defectdojo/Chart.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
appVersion: "2.35.0-dev"
description: A Helm chart for Kubernetes to install DefectDojo
name: defectdojo
version: 1.6.131-dev
version: 1.6.132-dev
icon: https://www.defectdojo.org/img/favicon.ico
maintainers:
- name: madchap
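--- a/unittests/scans/generic/test_import_report1.json
+++ b/unittests/scans/generic/test_import_report1.json
@@ -0,0 +1,38 @@
+{
+"name": "Unicorn",
+"type": "Unicorn",
+"findings": [
+{
+"title": "Henry Smith",
+"description": "small",
+"severity": "Critical",
+"active": false,
+"verified": false,
+"is_mitigated": true
+},
+{
+"title": "Emma Jones",
+"description": "small",
+"severity": "Critical",
+"active": false,
+"verified": false,
+"is_mitigated": true
+},
+{
+"title": "Emma Jones",
+"description": "small",
+"severity": "Critical",
+"active": true,
+"verified": true,
+"is_mitigated": false
+},
+{
+"title": "Emma Jones",
+"description": "small",
+"severity": "Critical",
+"active": false,
+"verified": false,
+"is_mitigated": true
+}
+]
+}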
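--- a/unittests/scans/generic/test_import_report2.json
+++ b/unittests/scans/generic/test_import_report2.json
@@ -0,0 +1,38 @@
+{
+"name": "Unicorn",
+"type": "Unicorn",
+"findings": [
+{
+"title": "Henry Smith",
+"description": "small",
+"severity": "Critical",
+"active": false,
+"verified": false,
+"is_mitigated": true
+},
+{
+"title": "Henry Smith",
+"description": "small",
+"severity": "Critical",
+"active": false,
+"verified": false,
+"is_mitigated": true
+},
+{
+"title": "Henry Smith",
+"description": "small",
+"severity": "Critical",
+"active": false,
+"verified": false,
+"is_mitigated": true
+},
+{
+"title": "Henry Smith",
+"description": "small",
+"severity": "Critical",
+"active": true,
+"verified": true,
+"is_mitigated": false
+}
+]
+}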
12 changes: 12 additions & 0 deletions unittests/test_import_reimport.py
Expand Up @@ -85,7 +85,10 @@ def __init__(self, *args, **kwargs):
self.clair_empty = self.scans_path + 'clair/clair_empty.json'
self.scan_type_clair = 'Clair Scan'

self.scan_type_generic = "Generic Findings Import"
self.generic_filename_with_file = self.scans_path + "generic/test_with_image.json"
self.generic_import_1 = self.scans_path + "generic/test_import_report1.json"
self.generic_import_2 = self.scans_path + "generic/test_import_report2.json"

self.aws_prowler_file_name = self.scans_path + 'aws_prowler/many_vuln.json'
self.aws_prowler_file_name_plus_one = self.scans_path + 'aws_prowler/many_vuln_plus_one.json'
Expand Down Expand Up @@ -1445,6 +1448,15 @@ def test_import_reimport_vulnerability_ids(self):
self.assertEqual('GHSA-v6rh-hp5x-86rv', findings[3].vulnerability_ids[0])
self.assertEqual('CVE-2021-44420', findings[3].vulnerability_ids[1])

def test_import_history_reactivated_and_untouched_findings_do_not_mix(self):
import0 = self.import_scan_with_params(self.generic_import_1, scan_type=self.scan_type_generic)
test_id = import0['test']
# reimport the second report
self.reimport_scan_with_params(test_id, self.generic_import_2, scan_type=self.scan_type_generic)
# reimport the first report again
self.reimport_scan_with_params(test_id, self.generic_import_1, scan_type=self.scan_type_generic)
# Passing this test means an exception does not occur


class ImportReimportTestAPI(DojoAPITestCase, ImportReimportMixin):
fixtures = ['dojo_testdata.json']
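Review bot: test_import_history_reactivated_and_untouched_findings_do_not_mix makes no assertion, so a regression that silently mixes the reactivated and untouched findings instead of raising would still pass; the comment `# Passing this test means an exception does not occur` documents that gap. After the final reimport of report 1, assert on the resulting finding set for `test_id`, for example that exactly one finding is active (the fixtures suggest it is the active/verified "Emma Jones" entry — confirm against what the reimport helper returns). A short docstring stating the scenario (report 1, then report 2, then report 1 again) and what the history problem looked like would also help the next reader. The enclosing class starts before the hunk.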
4 changes: 2 additions & 2 deletions unittests/tools/test_ms_defender_parser.py
Expand Up @@ -4,7 +4,7 @@
from ..dojo_test_case import DojoTestCase


class TestSDefenderParser(DojoTestCase):
class TestMSDefenderParser(DojoTestCase):

def test_parse_many_findings(self):
testfile = open("unittests/scans/ms_defender/report_many_vulns.json")
Expand All @@ -25,7 +25,7 @@ def test_parse_one_finding(self):
finding = findings[0]
self.assertEqual("Low", finding.severity)
self.assertEqual("CVE-1234-5678_fjweoifjewiofjweoifjeowifjowei", finding.title)
self.assertEqual("CVE-1234-5678", finding.cve)
self.assertEqual("CVE-1234-5678", finding.unsaved_vulnerability_ids[0])

def test_parse_no_finding(self):
testfile = open("unittests/scans/ms_defender/report_no_vuln.json")