Release: Merge back 2.39.1 into dev from: master-into-dev/2.39.1-2.40.0-dev

[github-actions]

Release triggered by rossops

[dryrunsecurity]

DryRun Security Summary

This pull request introduces a range of updates and improvements to the DefectDojo application, focusing on enhancing the JIRA integration functionality, addressing potential security concerns, and improving the overall security and reliability of the application.

Expand for full summary

Summary:

The code changes in this pull request cover a wide range of updates and improvements to the DefectDojo application, with a focus on enhancing the JIRA integration functionality and addressing potential security concerns.

The key changes include:

1. Introducing a new "enabled" field for JIRA projects, allowing users to disable the JIRA integration for specific products without losing previously pushed findings.
2. Improving the handling of JIRA-related errors and edge cases, such as missing account IDs and invalid JIRA configurations.
3. Expanding the JIRA integration configuration options, including the ability to customize the JIRA issue template directory and handle different JIRA project inheritance scenarios.
4. Updating the Netsparker parser to improve date parsing and the handling of false positives and accepted risks.
5. Enhancing the unit tests for the JIRA integration, parser functionality, and other security-related components of the application.

From an application security perspective, these changes demonstrate a focus on improving the overall security and reliability of the DefectDojo application. The introduction of the "enabled" field for JIRA projects, the robust error handling, and the comprehensive unit testing all contribute to a more secure and maintainable application.

Files Changed:

1. dojo/db_migrations/0217_jira_project_enabled.py: Adds a new "enabled" field to the JIRA_Project model, allowing users to disable the JIRA integration for specific products.
2. dojo/home/views.py: Updates the filtering of the "findings" queryset to use the "date" field instead of the "created" field.
3. dojo/api_v2/views.py: Adds the "enabled" field as a filterable field in the JiraProjectViewSet.
4. dojo/forms.py: Introduces new JIRA integration forms, including the ability to customize the JIRA issue template directory.
5. dojo/jira_link/helper.py: Enhances the JIRA integration functionality, including handling disabled JIRA projects, updating issue status, and preventing pushing findings to disabled JIRA projects.
6. dojo/jira_link/views.py: Reorganizes the JIRA configuration views and updates the webhook handling logic.
7. dojo/jira_link/urls.py: Adds a new URL route for the "advanced" JIRA integration functionality.
8. dojo/models.py: Adds the "enabled" field to the JIRA_Project model.
9. dojo/tools/awssecurityhub/parser.py: Improves the handling of missing account IDs and different Security Hub report formats.
10. dojo/tools/netsparker/parser.py: Enhances the date parsing and the handling of false positives and accepted risks for the Netsparker parser.
11. Other files related to unit tests, documentation, and configuration updates.

Code Analysis

We ran 9 analyzers against 30 files and 3 analyzers had findings. 6 analyzers had no findings.

Analyzer	Findings
Configured Codepaths Analyzer	16 findings
Authn/Authz Analyzer	5 findings
Sensitive Files Analyzer	2 findings

Riskiness

🔴 Risk threshold exceeded.

We've notified @mtesauro, @grendel513.

View PR in the DryRun Dashboard.

[github-actions]

This pull request has conflicts, please resolve those before we can evaluate the pull request.

[github-actions]

Conflicts have been resolved. A maintainer will review the pull request shortly.