From 185e12c8653fa968aecff2c9d199ad9ecc49b650 Mon Sep 17 00:00:00 2001
From: DefectDojo release bot
Date: Mon, 11 Sep 2023 17:34:46 +0000
Subject: [PATCH 1/6] Update versions in application files

---
 components/package.json | 2 +-
 dojo/__init__.py | 2 +-
 helm/defectdojo/Chart.yaml | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/components/package.json b/components/package.json
index 61b2f049d4..e4bc45adb6 100644
--- a/components/package.json
+++ b/components/package.json
@@ -1,6 +1,6 @@
 {
 "name": "defectdojo",
- "version": "2.26.1",
+ "version": "2.27.0-dev",
 "license" : "BSD-3-Clause",
 "private": true,
 "dependencies": {
diff --git a/dojo/__init__.py b/dojo/__init__.py
index 92d607db83..7f86aafb6a 100644
--- a/dojo/__init__.py
+++ b/dojo/__init__.py
@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app # noqa

-__version__ = '2.26.1'
+__version__ = '2.27.0-dev'
 __url__ = 'https://github.com/DefectDojo/django-DefectDojo'
 __docs__ = 'https://documentation.defectdojo.com'
diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml
index cc6d99819c..3073d38fc1 100644
--- a/helm/defectdojo/Chart.yaml
+++ b/helm/defectdojo/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: "2.26.1"
+appVersion: "2.27.0-dev"
 description: A Helm chart for Kubernetes to install DefectDojo
 name: defectdojo
-version: 1.6.85
+version: 1.6.86-dev
 icon: https://www.defectdojo.org/img/favicon.ico
 maintainers:
 - name: madchap
From 55fbe0d3cc148650c0f2ccd7e2c4ac29dcbbbf87 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Sep 2023 14:45:41 -0500
Subject: [PATCH 2/6] Bump gitpython from 3.1.34 to 3.1.35 (#8641)

Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.34 to 3.1.35.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](https://github.com/gitpython-developers/GitPython/compare/3.1.34...3.1.35)

---
updated-dependencies:
- dependency-name: gitpython
dependency-type: direct:production
...

Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 1b4121a20c..a2bbd9df4e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -53,7 +53,7 @@ titlecase==2.3
 social-auth-app-django==5.2.0
 social-auth-core==4.4.2
 Python-jose==3.3.0
-gitpython==3.1.34
+gitpython==3.1.35
 debugpy==1.6.7
 python-gitlab==3.15.0
 drf_yasg==1.21.5
From 16c4462714b5be5420333fb2a4560a42a2a07c3b Mon Sep 17 00:00:00 2001
From: kiblik
Date: Wed, 13 Sep 2023 04:09:56 +0200
Subject: [PATCH 3/6] Fix #8636: if "Development" was removed, None is used (#8644)

---
 dojo/engagement/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dojo/engagement/views.py b/dojo/engagement/views.py
index 4ca86babe6..e4d56c4414 100644
--- a/dojo/engagement/views.py
+++ b/dojo/engagement/views.py
@@ -575,7 +575,7 @@ def add_tests(request, eid):

 # Cant use the easy decorator because of the potential for either eid/pid being used
 def import_scan_results(request, eid=None, pid=None):
- environment = Development_Environment.objects.get(name='Development')
+ environment = Development_Environment.objects.filter(name='Development').first() # If 'Development' was removed, None is used
 engagement = None
 form = ImportScanForm(initial={'environment': environment})
 cred_form = CredMappingForm()
From 59870cc25e7edf5956d53026fd3d235b7bc77cda Mon Sep 17 00:00:00 2001
From: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
Date: Tue, 12 Sep 2023 21:17:40 -0500
Subject: [PATCH 4/6] Veracode: Add additional severity mappings for other informational findings (#8653)

* Add additional severity mappings for other informational findings

* Update unit tests
---
 Dockerfile.integration-tests-debian | 2 +-
 dojo/tools/veracode/json_parser.py | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Dockerfile.integration-tests-debian b/Dockerfile.integration-tests-debian
index 5a32aa6a01..70536d17e6 100644
--- a/Dockerfile.integration-tests-debian
+++ b/Dockerfile.integration-tests-debian
@@ -39,7 +39,7 @@ RUN \
 chrome_version=$(apt-cache show google-chrome-stable | grep Version | awk '{print $2}' | cut -d '-' -f 1) && \
 chrome_version_blob=$(curl -k https://googlechromelabs.github.io/chrome-for-testing/known-good-versions-with-downloads.json | jq ".versions[] | select(.version==\"$chrome_version\")") && \
 chromedriver_url=$(echo $chrome_version_blob | jq -r ".downloads.chromedriver[] | select(.platform==\"linux64\") | .url") && \
- wget https://edgedl.me.gvt1.com/edgedl/chrome/chrome-for-testing/115.0.5790.98/linux64/chromedriver-linux64.zip && \
+ wget $chromedriver_url && \
 unzip -j chromedriver-linux64.zip chromedriver-linux64/chromedriver && \
 rm -rf chromedriver-linux64.zip && \
 chmod -R 0755 .
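Review bot: The new `environment = Development_Environment.objects.filter(name='Development').first()` line also swallows a case `get()` used to surface: more than one environment named 'Development', where `get()` raised `MultipleObjectsReturned` and `first()` now quietly returns the lowest-pk row. Whether `name` is unique is not visible here; if it is not, the trailing comment should say what the caller gets in each case rather than restate the code, e.g. `# Default environment for the form; None if 'Development' was deleted, lowest-pk match if duplicated`. Whether `ImportScanForm` treats `initial={'environment': None}` as "no selection" (so the user must pick one) rather than failing validation is outside the hunk and worth confirming in the PR. `import_scan_results` continues past the end of the hunk.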
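Review bot: The new `wget $chromedriver_url` downloads, unpacks and `chmod`s a binary whose URL is taken from the `curl -k` on the context line two above; `-k` disables certificate verification, so the `https://` scheme gives no integrity and anyone in a network position during the image build can steer it to an arbitrary chromedriver zip. The `-k` predates this commit, but until now the fetched URL was a fixed literal; after it, the unverified response decides what gets executed in the test image. Drop `-k`, add `-f` so an HTTP error body is not handed to `jq`, and quote the expansion: `chrome_version_blob=$(curl -fsS https://googlechromelabs.github.io/chrome-for-testing/known-good-versions-with-downloads.json | jq ".versions[] | select(.version==\"$chrome_version\")") && \` and `wget "$chromedriver_url" && \`. Pinning a checksum is not practical here because the version follows whatever `apt-cache` reports, which makes transport integrity the only control left. The `RUN` instruction this hunk belongs to starts before the hunk.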
diff --git a/dojo/tools/veracode/json_parser.py b/dojo/tools/veracode/json_parser.py
index fcbc46ad99..54b07a7cf4 100644
--- a/dojo/tools/veracode/json_parser.py
+++ b/dojo/tools/veracode/json_parser.py
@@ -25,6 +25,7 @@ class VeracodeJSONParser(object):
 """

 severity_mapping = {
+ 0: "Info",
 1: "Info",
 2: "Low",
 3: "Medium",
@@ -89,7 +90,7 @@ def get_items(self, tree, test):

 def create_finding_from_details(self, finding_details, scan_type, policy_violated) -> Finding:
 # Fetch the common attributes that should be in every scan type
- severity = self.severity_mapping.get(finding_details.get("severity", 1))
+ severity = self.severity_mapping.get(finding_details.get("severity", 1), 1)
 # Set up the finding with just severity for now
 finding = Finding(
 title=f"{scan_type} Finding",
From d21ae46f0504d25a345b05b8de43af68df5f0f90 Mon Sep 17 00:00:00 2001
From: testaccount90009 <122134756+testaccount90009@users.noreply.github.com>
Date: Tue, 12 Sep 2023 19:25:40 -0700
Subject: [PATCH 5/6] Bump Django from 4.1.10 to 4.1.11 - CVE-2023-41164 (#8652)

* Bump Django from 4.1.10 to 4.1.11 - CVE-2023-41164

Bump Django from 4.1.10 to 4.1.11 - CVE-2023-41164

* Update Dockerfile.integration-tests-debian

---------

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index a2bbd9df4e..8607b4f094 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -24,7 +24,7 @@ django-slack==5.19.0
 git+https://github.com/DefectDojo/django-tagging@develop#egg=django-tagging
 django-watson==1.6.3
 django-prometheus==2.3.1
-Django==4.1.10
+Django==4.1.11
 djangorestframework==3.14.0
 gunicorn==21.2.0
 html2text==2020.1.16
From 8ee085349083bc0d14b3a1cec3113c148de1dc39 Mon Sep 17 00:00:00 2001
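Review bot: The fallback added to `self.severity_mapping.get(finding_details.get("severity", 1), 1)` is the integer `1`, not a label, so a severity outside the mapping's keys (only 0–3 are visible here) leaves `severity` as the int `1` and `Finding(severity=1)` receives a different type than the `"Info"`/`"Low"`/`"Medium"` strings every mapped value produces. The first hunk makes `"Info"` the floor of the mapping, so the default should be that label directly: `severity = self.severity_mapping.get(finding_details.get("severity", 1), "Info")`. If Veracode can emit the severity as a string (not visible here), neither version maps `"1"`; an `int()` coercion guarded for `ValueError`/`TypeError` before the lookup would cover that as well. `create_finding_from_details` continues past the end of the hunk.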
From: DefectDojo release bot
Date: Wed, 13 Sep 2023 02:27:02 +0000
Subject: [PATCH 6/6] Update versions in application files

---
 components/package.json | 2 +-
 dojo/__init__.py | 2 +-
 helm/defectdojo/Chart.yaml | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/components/package.json b/components/package.json
index e4bc45adb6..d8bb10d3e1 100644
--- a/components/package.json
+++ b/components/package.json
@@ -1,6 +1,6 @@
 {
 "name": "defectdojo",
- "version": "2.27.0-dev",
+ "version": "2.26.2",
 "license" : "BSD-3-Clause",
 "private": true,
 "dependencies": {
diff --git a/dojo/__init__.py b/dojo/__init__.py
index 7f86aafb6a..00a62f05b4 100644
--- a/dojo/__init__.py
+++ b/dojo/__init__.py
@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app # noqa

-__version__ = '2.27.0-dev'
+__version__ = '2.26.2'
 __url__ = 'https://github.com/DefectDojo/django-DefectDojo'
 __docs__ = 'https://documentation.defectdojo.com'
diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml
index 3073d38fc1..4bb53b08ef 100644
--- a/helm/defectdojo/Chart.yaml
+++ b/helm/defectdojo/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: "2.27.0-dev"
+appVersion: "2.26.2"
 description: A Helm chart for Kubernetes to install DefectDojo
 name: defectdojo
-version: 1.6.86-dev
+version: 1.6.86
 icon: https://www.defectdojo.org/img/favicon.ico
 maintainers:
 - name: madchap