
Release: Merge back 2.36.4 into dev from: master-into-dev/2.36.4-2.37.0-dev #10604

Merged
merged 12 commits into from
Jul 22, 2024

Conversation

github-actions[bot]

Release triggered by Maffooch


dryrunsecurity bot commented Jul 22, 2024

DryRun Security Summary

The pull request includes a range of updates across different components of the Defect Dojo application, focusing on improving the security and reliability of various features, such as the import and re-import functionality, Helm chart management, and the Aqua security scan parser.


Summary:

The code changes in this pull request cover a range of updates across different components of the Defect Dojo application. The changes focus on improving the security and reliability of various features, including the import and re-import functionality, Helm chart management, and the Aqua security scan parser.

Key security-related changes include:

  1. Enhancing data validation in the ImportScanSerializer and ReImportScanSerializer to ensure valid input data, such as checking for future scan dates and file size limits.
  2. Improving the Aqua security scan parser to handle edge cases, such as missing vulnerability data and generating unique finding keys.
  3. Adding a test case to ensure the Aqua parser correctly handles a specific JSON file with known issues.
  4. Updating Helm chart dependencies to their latest versions, which can help address known vulnerabilities.

While the changes do not introduce any immediate security concerns, it is important to thoroughly review the overall impact of the updates and ensure that there are no unintended consequences or side effects that could affect the application's security posture.

Files Changed:

  1. dojo/importers/options.py: Changes to the compress_options and decompress_options methods to handle lists of models more accurately.
  2. dojo/tools/aqua/parser.py: Improvements to the get_items function in the AquaParser class, including better handling of vulnerability data and severity classification.
  3. dojo/finding/views.py: Updates to the close_finding function to enforce mandatory notes, update finding and endpoint statuses, and handle JIRA integration.
  4. dojo/api_v2/serializers.py: Enhancements to the ImportScanSerializer and ReImportScanSerializer classes, including validation for endpoint IDs, scan dates, file sizes, and API scan configurations.
  5. helm/defectdojo/Chart.lock: Version updates for the postgresql and redis Helm chart dependencies.
  6. helm/defectdojo/Chart.yaml: Update to the DefectDojo Helm chart version.
  7. unittests/scans/aqua/issue_10585.json: Test data file containing the results of an Aqua security scan.
  8. unittests/tools/test_aqua_parser.py: Addition of a new test case to ensure the AquaParser correctly handles the issue_10585.json file.

Code Analysis

We ran 9 analyzers against 8 files and 2 analyzers had findings. 7 analyzers had no findings.

Analyzer                        Findings
Configured Codepaths Analyzer   1 finding
Authn/Authz Analyzer            1 finding

Riskiness

🔴 Risk threshold exceeded.

We've notified @mtesauro, @grendel513.


DefectDojo and others added 2 commits July 22, 2024 15:50

Quality Gate failed

Failed conditions
3.3% Duplication on New Code (required ≤ 3%)

See analysis details on SonarCloud

@Maffooch Maffooch merged commit d2d2ca9 into dev Jul 22, 2024
126 of 128 checks passed
@Maffooch Maffooch deleted the master-into-dev/2.36.4-2.37.0-dev branch July 22, 2024 16:40