Commit
Merge branch 'dev' into ruff_S105
mtesauro authored Nov 5, 2024
2 parents 58cc22e + 08cbfda commit 08594de
Showing 57 changed files with 3,258 additions and 1,003 deletions.
4 changes: 2 additions & 2 deletions components/package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "defectdojo",
"version": "2.40.0-dev",
"version": "2.41.0-dev",
"license" : "BSD-3-Clause",
"private": true,
"dependencies": {
@@ -35,7 +35,7 @@
"metismenu": "~3.0.7",
"moment": "^2.30.1",
"morris.js": "morrisjs/morris.js",
"pdfmake": "^0.2.14",
"pdfmake": "^0.2.15",
"startbootstrap-sb-admin-2": "1.0.7"
},
"engines": {
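Review bot: the `pdfmake` bump from ^0.2.14 to ^0.2.15 is a patch-level change, yet components/yarn.lock in this same commit shows 33 additions and 499 deletions. Since the lockfile diff is not rendered here, confirm the lockfile was regenerated by yarn rather than edited by hand, and look over the removed entries to make sure nothing beyond pdfmake's transitive tree was dropped.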
532 changes: 33 additions & 499 deletions components/yarn.lock

Large diffs are not rendered by default.

259 changes: 15 additions & 244 deletions docs/assets/icons/logo.svg
6 changes: 6 additions & 0 deletions docs/config.dev.toml
@@ -77,6 +77,12 @@ weight = 1
pre = "<i class='fab fa-github'></i>"
url = "https://github.com/DefectDojo/django-DefectDojo"

[[menu.main]]
name = "Knowledge Base"
weight = 50
pre = "<i class='fas fa-atlas'></i>"
url = "https://support.defectdojo.com"

[markup]
[markup.goldmark]
[markup.goldmark.renderer]
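Review bot: this `[[menu.main]]` block is duplicated verbatim in docs/config.master.toml. That matches how the existing GitHub entry is handled, but the two files will drift if one is edited alone; a short comment in each file saying the menu blocks must be kept in sync would help the next editor.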
6 changes: 6 additions & 0 deletions docs/config.master.toml
@@ -77,6 +77,12 @@ weight = 1
pre = "<i class='fab fa-github'></i>"
url = "https://github.com/DefectDojo/django-DefectDojo"

[[menu.main]]
name = "Knowledge Base"
weight = 50
pre = "<i class='fas fa-atlas'></i>"
url = "https://support.defectdojo.com"

[markup]
[markup.goldmark]
[markup.goldmark.renderer]
16 changes: 14 additions & 2 deletions docs/content/en/contributing/how-to-write-a-parser.md
@@ -16,9 +16,9 @@ All commands assume that you're located at the root of the django-DefectDojo clo
- It's advised that you create a dedicated branch for your development, such as `git checkout -b parser-name`.

It is easiest to use the docker compose deployment as it has hot-reload capbility for uWSGI.
Set up your environment to use the debug environment:
Set up your environment to use the dev environment:

`$ docker/setEnv.sh debug`
`$ docker/setEnv.sh dev`

Please have a look at [DOCKER.md](https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/DOCKER.md) for more details.
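Review bot: the unchanged context line still reads "hot-reload capbility"; since this hunk already touches the adjacent lines, fix it to "capability" here. The new wording "Set up your environment to use the dev environment" repeats "environment"; "Switch to the dev environment:" reads better. Also confirm that `docker/setEnv.sh` accepts `dev` as an argument in the current tree, because the docs now point readers at it.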

@@ -294,12 +294,24 @@ This local command will launch the unit test for your new parser
$ docker compose exec uwsgi bash -c 'python manage.py test unittests.tools.<your_unittest_py_file>.<main_class_name> -v2'
{{< /highlight >}}

or like this:

{{< highlight bash >}}
$ ./dc-unittest.sh --test-case unittests.tools.<your_unittest_py_file>.<main_class_name>
{{< /highlight >}}

Example for the blackduck hub parser:

{{< highlight bash >}}
$ docker compose exec uwsgi bash -c 'python manage.py test unittests.tools.test_blackduck_csv_parser.TestBlackduckHubParser -v2'
{{< /highlight >}}

or like this:

{{< highlight bash >}}
$ ./dc-unittest.sh --test-case unittests.tools.test_blackduck_csv_parser.TestBlackduckHubParser
{{< /highlight >}}

{{% alert title="Information" color="info" %}}
If you want to run all unit tests, simply run `$ docker compose exec uwsgi bash -c 'python manage.py test unittests -v2'`
{{% /alert %}}
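Review bot: the `-v2` verbosity flag is passed in the `docker compose exec` form but not in the `./dc-unittest.sh --test-case` form, so the two commands presented as equivalent will not produce the same output; either say that the script sets its own verbosity or show how to pass it through. The phrase "or like this:" now appears twice within a few lines; the generic and blackduck examples could be merged into a single pair, and the info alert at the bottom still shows only the `docker compose exec` form.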
4 changes: 2 additions & 2 deletions docs/content/en/getting_started/installation.md
@@ -14,11 +14,11 @@ See instructions in [DOCKER.md](<https://github.com/DefectDojo/django-DefectDojo

### SaaS (Includes Support & Supports the Project)

[SaaS link](https://www.defectdojo.com/pricing)
[SaaS link](https://defectdojo.com/platform)

### AWS AMI (Supports the Project)

[Marketplace link](https://aws.amazon.com/marketplace/pp/prodview-m2a25gr67xbzk), and complete [walkthrough](https://www.10security.com/defectdojo-aws-launch-guide)
[Marketplace link](https://aws.amazon.com/marketplace/pp/prodview-m2a25gr67xbzk), and complete [walkthrough](https://defectdojo.com/defectdojo-aws-launch-guide)

---
## **Options for the brave (not officially supported)**
7 changes: 7 additions & 0 deletions docs/content/en/getting_started/upgrading/2.41.md
@@ -0,0 +1,7 @@
---
title: 'Upgrading to DefectDojo Version 2.41.x'
toc_hide: true
weight: -20241104
description: No special instructions.
---
There are no special instructions for upgrading to 2.41.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.41.0) for the contents of the release.
24 changes: 24 additions & 0 deletions docs/content/en/integrations/parsers/file/aws_inspector2.md
@@ -0,0 +1,24 @@
---
title: "AWS Inspector2 Scanner"
toc_hide: true
---

### File Types
AWS Inspector2 report can be imported in json format. Inspector2 name comes from API calls to "modern" Inspector API - `aws inspector2` as opposite to Classic Inspector (previous version of the service), this is an example of how such report can be generated: `aws inspector2 list-findings --filter-criteria '{"resourceId":[{"comparison":"EQUALS","value":"i-instance_id_here"}]}' --region us-east-1 > inspector2_findings.json`


This parser can help to get findings in a delegated admin account for AWS Inspector or in a standalone AWS account. The parser is developed mostly for a scenario where findings are obtained for a specific resource like an ECR image or an instance, and uploaded to a test in a DefectDojo engagement that represents a branch from a git repository.


A minimal valid json file with no findings:

```json
{
"findings": []
}
```

Detailed API response format can be obtained [here](https://docs.aws.amazon.com/inspector/v2/APIReference/API_Finding.html)

### Sample Scan Data
Sample AWS Inspector2 findings can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/aws_inspector2).
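Review bot: the "File Types" paragraph is one run-on sentence with several grammar slips ("report can be imported in json format", "as opposite to", "this is an example of how such report can be generated"). Suggested wording: "AWS Inspector2 reports can be imported in JSON format. The name comes from the `aws inspector2` CLI/API of the current Inspector service, as opposed to Classic Inspector. A report for a single resource can be generated with:" followed by the command on its own line. Likewise "Detailed API response format can be obtained [here]" should read "The full finding format is documented in the AWS API reference [here]".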
2 changes: 1 addition & 1 deletion dojo/__init__.py
@@ -4,6 +4,6 @@
# Django starts so that shared_task will use this app.
from .celery import app as celery_app # noqa: F401

__version__ = "2.40.0-dev"
__version__ = "2.41.0-dev"
__url__ = "https://github.com/DefectDojo/django-DefectDojo"
__docs__ = "https://documentation.defectdojo.com"
7 changes: 7 additions & 0 deletions dojo/api_v2/serializers.py
@@ -2257,6 +2257,13 @@ def setup_common_context(self, data: dict) -> dict:
if context.get("scan_date")
else None
)

# engagement end date was not being used at all and so target_end would also turn into None
# in this case, do not want to change target_end unless engagement_end exists
eng_end_date = context.get("engagement_end_date", None)
if eng_end_date:
context["target_end"] = context.get("engagement_end_date")

return context
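Review bot: `eng_end_date` is read and then the same key is fetched a second time on the next line; assign `context["target_end"] = eng_end_date` instead. The `None` default in `context.get("engagement_end_date", None)` is redundant. The comment should also state what the code does now ("only override target_end when an engagement end date was supplied") rather than describe the old bug.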


@@ -0,0 +1,23 @@
# Generated by Django 5.0.9 on 2024-10-22 19:53

from django.db import migrations, models


class Migration(migrations.Migration):

dependencies = [
('dojo', '0217_jira_project_enabled'),
]

operations = [
migrations.AddField(
model_name='system_settings',
name='enforce_verified_status',
field=models.BooleanField(default=True, help_text='When enabled, features such as product grading, jira integration, metrics, and reports will only interact with verified findings.', verbose_name='Enforce Verified Status'),
),
migrations.AlterField(
model_name='jira_project',
name='push_all_issues',
field=models.BooleanField(blank=True, default=False, help_text='Automatically create JIRA tickets for verified findings, assuming enforce_verified_status is True, or for all findings otherwise. Once linked, the JIRA ticket will continue to sync, regardless of status in DefectDojo.'),
),
]
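Review bot: `default=True` keeps the existing behaviour for upgraded installs (only verified findings reach Jira, product grading, metrics and reports), which is the right default for a setting that loosens a gate. The `push_all_issues` help text refers to the setting by its internal name `enforce_verified_status`; user-facing help should use the label "Enforce Verified Status". The generated migration uses single-quoted strings while the hand-written code in this diff uses double quotes; check the project's ruff quote rules before merging.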
2 changes: 1 addition & 1 deletion dojo/forms.py
@@ -3076,7 +3076,7 @@ def clean(self):
elif self.cleaned_data.get("push_to_jira", None):
active = self.finding_form["active"].value()
verified = self.finding_form["verified"].value()
if not active or not verified:
if not active or (not verified and get_system_setting("enforce_verified_status", True)):
logger.debug("Findings must be active and verified to be pushed to JIRA")
error_message = "Findings must be active and verified to be pushed to JIRA"
self.add_error("push_to_jira", ValidationError(error_message, code="not_active_or_verified"))
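Review bot: the condition now lets unverified findings through when enforcement is off, but the debug message and `error_message` still say "must be active and verified", so a user with enforcement disabled who fails only on `active` gets a misleading error. jira_link/helper.py in this same commit already reworded its message, and this branch should match it, or better, call `can_be_pushed_to_jira` instead of duplicating the check. Also confirm `get_system_setting` is imported in dojo/forms.py; the import is outside this hunk.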
2 changes: 1 addition & 1 deletion dojo/github.py
@@ -123,7 +123,7 @@ def add_external_issue_github(find, prod, eng):
github_conf = github_pkey.git_conf

# We push only active and verified issues
if "Active" in find.status() and "Verified" in find.status():
if "Active" in find.status() and ("Verified" in find.status() and get_system_setting("enforce_verified_status", True)):
eng = Engagement.objects.get(test=find.test)
prod = Product.objects.get(engagement=eng)
github_product_key = GITHUB_PKey.objects.get(product=prod)
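Review bot: the new condition is inverted. `"Verified" in find.status() and get_system_setting("enforce_verified_status", True)` is False whenever enforcement is disabled, so with the setting turned off no finding is ever pushed to GitHub, the opposite of the intent. It should read `if "Active" in find.status() and ("Verified" in find.status() or not get_system_setting("enforce_verified_status", True)):`, matching the `not verified and isenforced` form used in jira_link/helper.py. The comment "We push only active and verified issues" needs updating to match, and `get_system_setting` must be imported in dojo/github.py.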
8 changes: 5 additions & 3 deletions dojo/jira_link/helper.py
@@ -145,9 +145,11 @@ def can_be_pushed_to_jira(obj, form=None):

logger.debug("can_be_pushed_to_jira: %s, %s, %s", active, verified, severity)

if not active or not verified:
logger.debug("Findings must be active and verified to be pushed to JIRA")
return False, "Findings must be active and verified to be pushed to JIRA", "not_active_or_verified"
isenforced = get_system_setting("enforce_verified_status", True)

if not active or (not verified and isenforced):
logger.debug("Findings must be active and verified, if enforced by system settings, to be pushed to JIRA")
return False, "Findings must be active and verified, if enforced by system settings, to be pushed to JIRA", "not_active_or_verified"

jira_minimum_threshold = None
if System_Settings.objects.get().jira_minimum_severity:
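Review bot: `isenforced` should be `is_enforced` per PEP 8, and the combined message "must be active and verified, if enforced by system settings" is awkward for the end user who sees it. Choose the message based on the failing check: "Findings must be active to be pushed to JIRA" when `active` is False, and the existing verified wording when `is_enforced` is True. Keeping the `not_active_or_verified` code for both cases is fine for API compatibility.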
8 changes: 6 additions & 2 deletions dojo/management/commands/jira_async_updates.py
@@ -1,11 +1,11 @@
import logging

from django.core.management.base import BaseCommand
from django.utils import timezone
from jira.exceptions import JIRAError

import dojo.jira_link.helper as jira_helper
from dojo.models import Dojo_User, Finding, Notes, User
from dojo.utils import get_system_setting, timezone

"""
Author: Aaron Weaver
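Review bot: `timezone` is now imported from `dojo.utils` in place of `django.utils`. Unless dojo.utils deliberately re-exports it, this relies on an implicit re-export of that module's own import, which linters tend to flag and which breaks silently if dojo.utils' imports are cleaned up. Keep `from django.utils import timezone` and import only `get_system_setting` from dojo.utils.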
@@ -22,7 +22,11 @@ class Command(BaseCommand):
def handle(self, *args, **options):

findings = Finding.objects.exclude(jira_issue__isnull=True)
findings = findings.filter(verified=True, active=True)
if get_system_setting("enforce_verified_status", True):
findings = findings.filter(verified=True, active=True)
else:
findings = findings.filter(active=True)

findings = findings.prefetch_related("jira_issue")
# finding = Finding.objects.get(id=1)
for finding in findings:
5 changes: 4 additions & 1 deletion dojo/management/commands/push_to_jira_update.py
@@ -23,7 +23,10 @@ class Command(BaseCommand):
def handle(self, *args, **options):

findings = Finding.objects.exclude(jira_issue__isnull=True)
findings = findings.filter(verified=True, active=True)
if get_system_setting("enforce_verified_status", True):
findings = findings.filter(verified=True, active=True)
else:
findings = findings.filter(active=True)

for finding in findings:
logger.info("Checking issue:" + str(finding.id))
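Review bot: this if/else filter block is identical to the one added to dojo/management/commands/jira_async_updates.py in this commit. Both reduce to `findings = findings.filter(active=True)` followed by `if get_system_setting("enforce_verified_status", True): findings = findings.filter(verified=True)`, and ideally that lives in one helper so the two commands cannot drift. Confirm `get_system_setting` is imported in this file; the import is outside the hunk.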
6 changes: 4 additions & 2 deletions dojo/metrics/utils.py
@@ -109,8 +109,10 @@ def finding_queries(
weekly_counts = query_counts_for_period(MetricsPeriod.WEEK, weeks_between)

top_ten = get_authorized_products(Permissions.Product_View)
top_ten = top_ten.filter(engagement__test__finding__verified=True,
engagement__test__finding__false_p=False,
if get_system_setting("enforce_verified_status", True):
top_ten = top_ten.filter(engagement__test__finding__verified=True)

top_ten = top_ten.filter(engagement__test__finding__false_p=False,
engagement__test__finding__duplicate=False,
engagement__test__finding__out_of_scope=False,
engagement__test__finding__mitigated__isnull=True,
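Review bot: splitting the verified condition into its own `.filter()` call changes the query semantics. On a multi-valued path such as `engagement__test__finding`, conditions inside one `filter()` call must hold for the same finding, whereas conditions in separate calls may be satisfied by different findings, so a product now qualifies if it has any verified finding and any other finding that is non-false-positive, non-duplicate, in scope and unmitigated, not necessarily the same one; the second call also adds another join. Collect the kwargs in a dict (`filters = {...}`, then `filters["engagement__test__finding__verified"] = True` when enforced) and pass them to a single `top_ten.filter(**filters)`.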

0 comments on commit 08594de