Merge pull request #10232 from DefectDojo/master-into-dev/2.34.4-2.35…
….0-dev

Release: Merge back 2.34.4 into dev from: master-into-dev/2.34.4-2.35.0-dev
Maffooch authored May 20, 2024
2 parents f6f44b9 + 1f94ad7 commit c15a3a2
Showing 8 changed files with 3,022 additions and 13 deletions.
2 changes: 1 addition & 1 deletion dojo/importers/default_reimporter.py
Expand Up @@ -261,7 +261,7 @@ def process_findings(
# following finding in the same report
# this means untouched can have this finding inside it,
# while it is in fact a new finding. So we subtract new_items
untouched = set(unchanged_items) - set(to_mitigate) - set(new_items)
untouched = set(unchanged_items) - set(to_mitigate) - set(new_items) - set(reactivated_items)
# Process groups
self.process_groups_for_all_findings(
group_names_to_findings_dict,
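Review bot: The comment block above the rewritten line still ends with "So we subtract new_items", so it no longer explains the full expression now that `reactivated_items` is subtracted too, and a later reader may take the extra term for an accident. Extend it with one line such as `# Reactivated findings are likewise reported in their own bucket, so they are removed here as well` (assuming that is indeed how they are surfaced downstream; the hunk does not show it). As a point of style the chain of four `set()` conversions can be a single call, `untouched = set(unchanged_items).difference(to_mitigate, new_items, reactivated_items)`, which avoids building three throwaway sets. `process_findings` begins before this hunk and continues past it.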
2 changes: 1 addition & 1 deletion dojo/templates/dojo/custom_html_report_endpoint_list.html
Expand Up @@ -17,7 +17,7 @@ <h3 id="findings">Endpoint Findings</h3>

<div id="endpoint_content">
{% for endpoint in endpoints %}
<div class="panel panel-warning">
<div class="panel panel-default panel-warning">
<div class="panel-heading">
<h4>
Endpoint: {{ endpoint }} with {{ endpoint.active_findings|length|apnumber }}
2 changes: 1 addition & 1 deletion dojo/tools/progpilot/parser.py
Expand Up @@ -15,9 +15,9 @@ def get_description_for_scan_types(self, scan_type):

def get_findings(self, filename, test):
findings = []
description = ""
results = json.load(filename)
for result in results:
description = ""
source_name = result.get("source_name", None)
source_line = result.get("source_line", None)
source_column = result.get("source_column", None)
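Review bot: The value returned by `json.load(filename)` is iterated directly and every element is dereferenced with `result.get(...)`, so an uploaded Progpilot report whose top level is an object, or whose entries are not objects, fails with an `AttributeError` deep inside the loop rather than a parser-level error; scan uploads are user-supplied input, so a shape check right after the load is cheap insurance, e.g. `if not isinstance(results, list): raise ValueError("Progpilot report must be a JSON array of results")`. Moving `description = ""` into the loop is the right fix for descriptions bleeding across findings. On style, the explicit `None` default in `result.get("source_name", None)` and its siblings is redundant — `result.get("source_name")` reads the same. `get_findings` continues beyond this hunk.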
14 changes: 10 additions & 4 deletions dojo/tools/sarif/parser.py
Expand Up @@ -416,10 +416,16 @@ def get_item(result, rules, artifacts, run_date):
# Some tools such as GitHub or Grype return the severity in properties
# instead
if "properties" in rule and "security-severity" in rule["properties"]:
cvss = float(rule["properties"]["security-severity"])
severity = cvss_to_severity(cvss)
finding.cvssv3_score = cvss
finding.severity = severity
try:
cvss = float(rule["properties"]["security-severity"])
severity = cvss_to_severity(cvss)
finding.cvssv3_score = cvss
finding.severity = severity
except ValueError:
if rule["properties"]["security-severity"].lower().capitalize() in ["Info", "Low", "Medium", "High", "Critical"]:
finding.severity = rule["properties"]["security-severity"].lower().capitalize()
else:
finding.severity = "Info"

# manage the case that some tools produce CWE as properties of the result
cwes_properties_extracted = get_result_cwes_properties(result)
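Review bot: The new `except ValueError:` only covers a non-numeric string; when `security-severity` is present but not a string (JSON `null`, a list or an object), `float(...)` raises `TypeError` instead, which escapes the handler and aborts the whole import, and the `.lower()` call inside the handler would likewise raise on any non-str value. The normalised label is also computed twice. Suggest reading the raw value once, catching `(TypeError, ValueError)`, coercing with `str()` before normalising, and moving the numeric assignments into an `else:` so only the conversion sits inside the `try`. Strings like `"NaN"` or `"inf"` still pass `float()`; whether `cvss_to_severity` copes with them is outside this hunk, so a `math.isfinite` guard may be warranted if it does not. `get_item` begins before this hunk.
```python
if "properties" in rule and "security-severity" in rule["properties"]:
    raw_severity = rule["properties"]["security-severity"]
    try:
        cvss = float(raw_severity)
    except (TypeError, ValueError):
        # Some tools emit a severity label here instead of a CVSS score
        label = str(raw_severity).lower().capitalize()
        finding.severity = label if label in ["Info", "Low", "Medium", "High", "Critical"] else "Info"
    else:
        finding.cvssv3_score = cvss
        finding.severity = cvss_to_severity(cvss)
# … unchanged: CWE extraction from result properties …
```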
10 changes: 5 additions & 5 deletions helm/defectdojo/Chart.lock
Expand Up @@ -4,15 +4,15 @@ dependencies:
version: 9.19.1
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 15.3.1
version: 15.3.3
- name: postgresql-ha
repository: https://charts.bitnami.com/bitnami
version: 9.4.11
- name: rabbitmq
repository: https://charts.bitnami.com/bitnami
version: 14.1.3
version: 14.1.5
- name: redis
repository: https://charts.bitnami.com/bitnami
version: 19.3.1
digest: sha256:199b9657d0824c026d020566645be242d0c50064725fb51d2a3943f2a2d70ce3
generated: "2024-05-13T17:46:25.393404332Z"
version: 19.3.4
digest: sha256:bda9c0c13031232331f49aa76f4614e03fa714d17dffdd069f8ab615551c84ff
generated: "2024-05-20T18:42:15.880031454Z"
2 changes: 1 addition & 1 deletion helm/defectdojo/Chart.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
appVersion: "2.35.0-dev"
description: A Helm chart for Kubernetes to install DefectDojo
name: defectdojo
version: 1.6.130-dev
version: 1.6.131-dev
icon: https://www.defectdojo.org/img/favicon.ico
maintainers:
- name: madchap
2,997 changes: 2,997 additions & 0 deletions unittests/scans/sarif/issue_10191.json


6 changes: 6 additions & 0 deletions unittests/tools/test_sarif_parser.py
Expand Up @@ -590,3 +590,9 @@ def test_tags_from_result_properties(self):
findings = parser.get_findings(testfile, Test())
item = findings[0]
self.assertEqual(["Scan"], item.tags)

def test_severity_in_properties(self):
with open(path.join(path.dirname(__file__), "../scans/sarif/issue_10191.json")) as testfile:
parser = SarifParser()
findings = parser.get_findings(testfile, Test())
self.assertEqual(77, len(findings))
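Review bot: The new test only pins the finding count in `self.assertEqual(77, len(findings))`, so it passes whenever parsing does not raise and never checks that a label-valued `security-severity` actually reaches `finding.severity`, which is the behaviour the parser change in this commit introduces; a regression that silently mapped every such finding to "Info" would go unnoticed. Add at least one assertion on a finding whose label is known from the fixture, e.g. `self.assertEqual("High", findings[0].severity)` with the index and expected value taken from issue_10191.json (the fixture is not rendered here, so pick them from the file), and ideally one numeric case asserting `cvssv3_score` is still populated. The `open(...)` call could also pass `encoding="utf-8"` to match the rest of the test module if it does so elsewhere.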
