
Release: Merge back 2.34.4 into dev from: master-into-dev/2.34.4-2.35.0-dev #10232

Merged
merged 11 commits into from
May 20, 2024
2 changes: 1 addition & 1 deletion dojo/importers/default_reimporter.py
Expand Up @@ -261,7 +261,7 @@ def process_findings(
# following finding in the same report
# this means untouched can have this finding inside it,
# while it is in fact a new finding. So we subtract new_items
untouched = set(unchanged_items) - set(to_mitigate) - set(new_items)
untouched = set(unchanged_items) - set(to_mitigate) - set(new_items) - set(reactivated_items)
# Process groups
self.process_groups_for_all_findings(
group_names_to_findings_dict,
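Review bot: The comment block above the changed line still ends with `# while it is in fact a new finding. So we subtract new_items`, which explains only the new_items subtraction, while the new line now also subtracts reactivated_items without a word on why. The reason is not visible in this hunk, so it should be stated rather than left to the reader; something like `# Reactivated findings can likewise sit in unchanged_items (presumably matched earlier in the same report); subtract them so they are not reported as untouched.` — hedged because the matching order that puts a reactivated finding into unchanged_items is outside this view. process_findings starts before the hunk and continues after it.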
2 changes: 1 addition & 1 deletion dojo/templates/dojo/custom_html_report_endpoint_list.html
Expand Up @@ -17,7 +17,7 @@ <h3 id="findings">Endpoint Findings</h3>

<div id="endpoint_content">
{% for endpoint in endpoints %}
<div class="panel panel-warning">
<div class="panel panel-default panel-warning">
<div class="panel-heading">
<h4>
Endpoint: {{ endpoint }} with {{ endpoint.active_findings|length|apnumber }}
2 changes: 1 addition & 1 deletion dojo/tools/progpilot/parser.py
Expand Up @@ -15,9 +15,9 @@ def get_description_for_scan_types(self, scan_type):

def get_findings(self, filename, test):
findings = []
description = ""
results = json.load(filename)
for result in results:
description = ""
source_name = result.get("source_name", None)
source_line = result.get("source_line", None)
source_column = result.get("source_column", None)
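Review bot: The three `result.get("...", None)` calls following the relocated `description = ""` pass a default that dict.get already supplies; `source_name = result.get("source_name")` reads cleaner and matches the usual idiom. Separately, nothing checks that `results` from `json.load(filename)` is a list of dicts: an uploaded report whose top level is an object, or whose entries are scalars, fails on `.get` with an AttributeError rather than a clear parse error, which matters because this input comes from user-supplied files. A one-line guard such as `if not isinstance(results, list): raise ValueError("progpilot report must be a JSON array")` before the loop would make the failure explicit. get_findings continues outside the hunk.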
14 changes: 10 additions & 4 deletions dojo/tools/sarif/parser.py
Expand Up @@ -416,10 +416,16 @@ def get_item(result, rules, artifacts, run_date):
# Some tools such as GitHub or Grype return the severity in properties
# instead
if "properties" in rule and "security-severity" in rule["properties"]:
cvss = float(rule["properties"]["security-severity"])
severity = cvss_to_severity(cvss)
finding.cvssv3_score = cvss
finding.severity = severity
try:
cvss = float(rule["properties"]["security-severity"])
severity = cvss_to_severity(cvss)
finding.cvssv3_score = cvss
finding.severity = severity
except ValueError:
if rule["properties"]["security-severity"].lower().capitalize() in ["Info", "Low", "Medium", "High", "Critical"]:
finding.severity = rule["properties"]["security-severity"].lower().capitalize()
else:
finding.severity = "Info"

# manage the case that some tools produce CWE as properties of the result
cwes_properties_extracted = get_result_cwes_properties(result)
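Review bot: The new `except ValueError` only covers a non-numeric string: a `security-severity` that is JSON `null` or a list makes `float()` raise TypeError, which is not caught and still aborts the whole import, and `.lower()` inside the handler would raise AttributeError for any non-str value, so a malformed SARIF file from an untrusted scanner can still take the parser down. The handler also evaluates `rule["properties"]["security-severity"].lower().capitalize()` twice; binding the raw value once, catching `(TypeError, ValueError)`, and normalising through `str()` keeps a single expression and a single lookup. When the textual branch is taken `finding.cvssv3_score` stays unset, which looks intended since no score exists, but a short comment saying so would help. get_item continues outside the hunk.
```python
if "properties" in rule and "security-severity" in rule["properties"]:
    raw_severity = rule["properties"]["security-severity"]
    try:
        cvss = float(raw_severity)
        severity = cvss_to_severity(cvss)
    except (TypeError, ValueError):
        # Some tools emit a textual level instead of a CVSS score;
        # no cvssv3_score is recorded in that case.
        label = str(raw_severity).lower().capitalize()
        finding.severity = label if label in ("Info", "Low", "Medium", "High", "Critical") else "Info"
    else:
        finding.cvssv3_score = cvss
        finding.severity = severity
# … unchanged: CWE properties handling …
```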
10 changes: 5 additions & 5 deletions helm/defectdojo/Chart.lock
Expand Up @@ -4,15 +4,15 @@ dependencies:
version: 9.19.1
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 15.3.1
version: 15.3.3
- name: postgresql-ha
repository: https://charts.bitnami.com/bitnami
version: 9.4.11
- name: rabbitmq
repository: https://charts.bitnami.com/bitnami
version: 14.1.3
version: 14.1.5
- name: redis
repository: https://charts.bitnami.com/bitnami
version: 19.3.1
digest: sha256:199b9657d0824c026d020566645be242d0c50064725fb51d2a3943f2a2d70ce3
generated: "2024-05-13T17:46:25.393404332Z"
version: 19.3.4
digest: sha256:bda9c0c13031232331f49aa76f4614e03fa714d17dffdd069f8ab615551c84ff
generated: "2024-05-20T18:42:15.880031454Z"
2 changes: 1 addition & 1 deletion helm/defectdojo/Chart.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
appVersion: "2.35.0-dev"
description: A Helm chart for Kubernetes to install DefectDojo
name: defectdojo
version: 1.6.130-dev
version: 1.6.131-dev
icon: https://www.defectdojo.org/img/favicon.ico
maintainers:
- name: madchap
2,997 changes: 2,997 additions & 0 deletions unittests/scans/sarif/issue_10191.json


6 changes: 6 additions & 0 deletions unittests/tools/test_sarif_parser.py
Expand Up @@ -590,3 +590,9 @@ def test_tags_from_result_properties(self):
findings = parser.get_findings(testfile, Test())
item = findings[0]
self.assertEqual(["Scan"], item.tags)

def test_severity_in_properties(self):
with open(path.join(path.dirname(__file__), "../scans/sarif/issue_10191.json")) as testfile:
parser = SarifParser()
findings = parser.get_findings(testfile, Test())
self.assertEqual(77, len(findings))
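Review bot: The new test asserts only the finding count (`self.assertEqual(77, len(findings))`), so it would still pass if the textual `security-severity` handling that this fixture exercises regressed to the `"Info"` fallback, since the count is the same on both branches. Add an assertion on the severity of a finding whose rule carries a textual level, e.g. `self.assertEqual("<expected level>", findings[<index>].severity)` with the index and level taken from issue_10191.json, and ideally one on a finding whose rule carries a numeric score so both branches are pinned. test_severity_in_properties is fully inside the hunk; its enclosing class begins outside it.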