Merge pull request #8875 from DefectDojo/release/2.27.3

Release: Merge release into master from: release/2.27.3
DefectDojo · Oct 23, 2023 · 584371d · 584371d
2 parents 6608da3 + c40b488
commit 584371d
Show file tree

Hide file tree

Showing 10 changed files with 40 additions and 32 deletions.
diff --git a/components/package.json b/components/package.json
@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.27.2",
+  "version": "2.27.3",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

diff --git a/dojo/__init__.py b/dojo/__init__.py
@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa
 
-__version__ = '2.27.2'
+__version__ = '2.27.3'
 __url__ = 'https://github.com/DefectDojo/django-DefectDojo'
 __docs__ = 'https://documentation.defectdojo.com'
diff --git a/dojo/endpoint/views.py b/dojo/endpoint/views.py
@@ -228,7 +228,7 @@ def delete_endpoint(request, eid):
                                     title='Deletion of %s' % endpoint,
                                     product=product,
                                     description='The endpoint "%s" was deleted by %s' % (endpoint, request.user),
-                                    url=request.build_absolute_uri(reverse('endpoint')),
+                                    url=reverse('endpoint'),
                                     icon="exclamation-triangle")
                 return HttpResponseRedirect(reverse('view_product', args=(product.id,)))
 

diff --git a/dojo/filters.py b/dojo/filters.py
@@ -2041,7 +2041,7 @@ class Meta:
                      'target_end', 'notes', 'percent_complete',
                      'actual_time', 'engagement', 'version',
                      'branch_tag', 'build_id', 'commit_hash',
-                     'api_scan_configuration']
+                     'api_scan_configuration', 'scan_type']
 
 
 class ApiAppAnalysisFilter(DojoFilter):

diff --git a/dojo/finding/views.py b/dojo/finding/views.py
@@ -1445,7 +1445,7 @@ def reopen_finding(request, fid):
         finding=finding,
         description='The finding "%s" was reopened by %s'
         % (finding.title, request.user),
-        url=request.build_absolute_uri(reverse("view_test", args=(finding.test.id,))),
+        url=reverse("view_finding", args=(finding.id,)),
     )
     return HttpResponseRedirect(reverse("view_finding", args=(finding.id,)))
 

diff --git a/dojo/reports/views.py b/dojo/reports/views.py
@@ -859,7 +859,8 @@ def csv_export(request):
                             continue
                         fields.append(key)
                 except Exception as exc:
-                    logger.debug('Error in attribute: ' + str(exc))
+                    logger.error('Error in attribute: ' + str(exc))
+                    fields.append(key)
                     continue
             fields.append('test')
             fields.append('found_by')
@@ -891,7 +892,8 @@ def csv_export(request):
                             value = value.replace('\n', ' NEWLINE ').replace('\r', '')
                         fields.append(value)
                 except Exception as exc:
-                    logger.debug('Error in attribute: ' + str(exc))
+                    logger.error('Error in attribute: ' + str(exc))
+                    fields.append("Value not supported")
                     continue
             fields.append(finding.test.title)
             fields.append(finding.test.test_type.name)
@@ -955,7 +957,8 @@ def excel_export(request):
                         cell.font = font_bold
                         col_num += 1
                 except Exception as exc:
-                    logger.debug('Error in attribute: ' + str(exc))
+                    logger.error('Error in attribute: ' + str(exc))
+                    cell = worksheet.cell(row=row_num, column=col_num, value=key)
                     continue
             cell = worksheet.cell(row=row_num, column=col_num, value='found_by')
             cell.font = font_bold
@@ -998,7 +1001,8 @@ def excel_export(request):
                         worksheet.cell(row=row_num, column=col_num, value=value)
                         col_num += 1
                 except Exception as exc:
-                    logger.debug('Error in attribute: ' + str(exc))
+                    logger.error('Error in attribute: ' + str(exc))
+                    worksheet.cell(row=row_num, column=col_num, value="Value not supported")
                     continue
             worksheet.cell(row=row_num, column=col_num, value=finding.test.test_type.name)
             col_num += 1

diff --git a/dojo/test/views.py b/dojo/test/views.py
@@ -599,7 +599,7 @@ def process_forms(self, request: HttpRequest, test: Test, context: dict):
                 description=_('Finding "%(title)s" was added by %(user)s') % {
                     'title': finding.title, 'user': request.user
                 },
-                url=request.build_absolute_uri(reverse('view_finding', args=(finding.id,))),
+                url=reverse("view_finding", args=(finding.id,)),
                 icon="exclamation-triangle")
             # Add a success message
             messages.add_message(

diff --git a/dojo/tools/qualys/csv_parser.py b/dojo/tools/qualys/csv_parser.py
@@ -112,6 +112,8 @@ def build_findings_from_dict(report_findings: [dict]) -> [Finding]:
     for report_finding in report_findings:
         if report_finding.get("FQDN"):
             endpoint = Endpoint.from_uri(report_finding.get("FQDN"))
+        elif report_finding.get("DNS"):
+            endpoint = Endpoint(host=report_finding.get("DNS"))
         else:
             endpoint = Endpoint(host=report_finding["IP"])
 
@@ -123,19 +125,22 @@ def build_findings_from_dict(report_findings: [dict]) -> [Finding]:
             cvssv3 = _extract_cvss_vectors(
                         report_finding["CVSS3.1 Base"], report_finding["CVSS3.1 Temporal"]
                     )
-
-        finding = Finding(
-            title=f"QID-{report_finding['QID']} | {report_finding['Title']}",
-            mitigation=report_finding["Solution"],
-            description=f"{report_finding['Threat']}\nResult Evidence: \n{report_finding.get('Threat', 'Not available')}",
-            severity=severity_lookup.get(report_finding["Severity"], "Info"),
-            impact=report_finding["Impact"],
-            date=parser.parse(
-                report_finding["Last Detected"].replace("Z", "")
-            ),
-            vuln_id_from_tool=report_finding["QID"],
-            cvssv3=cvssv3
-        )
+        finding_with_id = next((obj for obj in dojo_findings if obj.vuln_id_from_tool == report_finding["QID"]), None)
+        if finding_with_id:
+            finding = finding_with_id
+        else:
+            finding = Finding(
+                title=f"QID-{report_finding['QID']} | {report_finding['Title']}",
+                mitigation=report_finding["Solution"],
+                description=f"{report_finding['Threat']}\nResult Evidence: \n{report_finding.get('Threat', 'Not available')}",
+                severity=severity_lookup.get(report_finding["Severity"], "Info"),
+                impact=report_finding["Impact"],
+                date=parser.parse(
+                    report_finding["Last Detected"].replace("Z", "")
+                ),
+                vuln_id_from_tool=report_finding["QID"],
+                cvssv3=cvssv3
+            )
 
         cve_data = report_finding.get("CVE ID")
         finding.unsaved_vulnerability_ids = (
@@ -163,8 +168,7 @@ def build_findings_from_dict(report_findings: [dict]) -> [Finding]:
             finding.is_mitigated = False
 
         finding.verified = True
-        finding.unsaved_endpoints = [endpoint]
-
-        dojo_findings.append(finding)
-
+        finding.unsaved_endpoints.append(endpoint)
+        if not finding_with_id:
+            dojo_findings.append(finding)
     return dojo_findings
diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: "2.27.2"
+appVersion: "2.27.3"
 description: A Helm chart for Kubernetes to install DefectDojo
 name: defectdojo
-version: 1.6.91
+version: 1.6.92
 icon: https://www.defectdojo.org/img/favicon.ico
 maintainers:
   - name: madchap

diff --git a/unittests/tools/test_qualys_parser.py b/unittests/tools/test_qualys_parser.py
@@ -69,7 +69,7 @@ def test_parse_file_with_multiple_vuln_has_multiple_findings_csv(self):
         for finding in findings:
             for endpoint in finding.unsaved_endpoints:
                 endpoint.clean()
-        self.assertEqual(6, len(findings))
+        self.assertEqual(3, len(findings))
 
         finding = findings[0]
         self.assertEqual(
@@ -79,11 +79,11 @@ def test_parse_file_with_multiple_vuln_has_multiple_findings_csv(self):
             finding.severity, "Critical"
         )
         self.assertEqual(
-            finding.unsaved_endpoints[0].host, "10.98.57.180"
+            finding.unsaved_endpoints[0].host, "ip-10-98-57-180.eu-west-1.compute.internal"
         )
 
         for finding in findings:
-            if finding.unsaved_endpoints[0].host == "10.98.57.180" and finding.title == "QID-105971 | EOL/Obsolete Software: Microsoft ASP.NET 1.0 Detected":
+            if finding.unsaved_endpoints[0].host == "ip-10-98-57-180.eu-west-1.compute.internal" and finding.title == "QID-105971 | EOL/Obsolete Software: Microsoft ASP.NET 1.0 Detected":
 
                 self.assertEqual(
                     finding.severity, "Critical"