
add engagement closed MS teams, Email, Alert, and Slack template #11204

Merged
merged 2 commits into from
Nov 11, 2024

Conversation

hblankenship
Collaborator

@hblankenship hblankenship commented Nov 6, 2024

Add an MS Teams, Email, Alert, and Slack template for engagement closed.
[sc-6170]

@github-actions github-actions bot added the ui label Nov 6, 2024

dryrunsecurity bot commented Nov 6, 2024

DryRun Security Summary

The pull request updates the notification templates for the DefectDojo application, focusing on improving the security, internationalization, and localization of the Microsoft Teams, Slack, and email notifications sent when an engagement is closed.


Summary:

The code changes in this pull request are focused on updating the notification templates for the DefectDojo application. The changes include updates to the Microsoft Teams, Slack, and email notification templates that are used to inform users when an engagement is closed.

From an application security perspective, the changes do not introduce any obvious security vulnerabilities. The templates are using secure templating systems, such as Jinja2 and Django's template language, which help prevent common web application vulnerabilities like cross-site scripting (XSS). The templates also include features for internationalization and localization, as well as the ability to display system-level disclaimers.

The key security-related aspects of the changes include:

  1. Proper handling of user-supplied data, such as engagement and product names, to prevent potential injection attacks.
  2. The use of automatic HTML escaping to mitigate XSS vulnerabilities.
  3. The inclusion of system-level disclaimers to inform users about the limitations and responsibilities associated with the application.

Overall, the changes appear to be focused on improving the notification functionality of the DefectDojo application, with a strong emphasis on security and internationalization/localization considerations.

Files Changed:

  1. dojo/templates/notifications/msteams/engagement_closed.tpl: This Jinja2 template is used to generate a Microsoft Teams notification message when an engagement is closed. The changes do not introduce any obvious security concerns and include features for internationalization and the display of a system-level disclaimer.

  2. dojo/templates/notifications/alert/engagement_closed.tpl: This Jinja2 template is used to generate a notification message when an engagement is closed. The changes add new template blocks to include the engagement name and product, with proper escaping to prevent potential injection attacks.

  3. dojo/templates/notifications/slack/engagement_closed.tpl: This Django template is used to generate the content of the Slack notification when an engagement is closed. The changes do not introduce any obvious security concerns and include features for internationalization and the display of a system-level disclaimer.

  4. dojo/templates/notifications/mail/engagement_closed.tpl: This Django template is used to generate an email notification when an engagement is closed. The changes include features for internationalization, dynamic content generation, automatic HTML escaping, and the display of a system-level disclaimer, all of which are important security considerations.

Code Analysis

We ran 9 analyzers against 4 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

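The bot's point about escaping user-supplied engagement and product names, as an added example that is not DefectDojo's code and not its `.tpl` templates: it renders one hostile engagement name into constructed stand-ins for the mail, Slack and alert bodies using only the Python standard library (not Django's or Jinja2's engine), applying HTML escaping where the channel is HTML, Slack's own three-character escaping for Slack, and control-character stripping for the plain-text alert. The template strings, channel names and check functions are assumptions for illustration.

```python
"""Channel-aware escaping for an 'engagement closed' notification.

Added example (not DefectDojo code). Renders one untrusted engagement /
product name into three constructed notification bodies, escapes it per
channel, and offers the checks a reviewer would run on the output. The
template strings below are stand-ins, not the project's .tpl files.
"""
import html
import re
from string import Template

# Slack message text escapes exactly these three characters (Slack API,
# "Escaping text"); other HTML entities such as &quot; are shown literally.
_SLACK_ESCAPES = {"&": "&amp;", "<": "&lt;", ">": "&gt;"}


def escape_slack(value: str) -> str:
    """Slack's escaping rules, applied to one user-controlled field."""
    return "".join(_SLACK_ESCAPES.get(ch, ch) for ch in value)


def escape_plain(value: str) -> str:
    """Plain-text alert: no markup to escape, but strip control characters so
    a newline in a name cannot forge an extra line in the alert."""
    return re.sub(r"[\x00-\x1f\x7f]", " ", value)


# Per-channel escapers. Mail is HTML, so HTML escaping (what a template
# engine's autoescape produces) is correct there; Slack needs its own rules;
# the in-app alert is plain text.
ESCAPERS = {
    "mail": lambda v: html.escape(v, quote=True),
    "slack": escape_slack,
    "alert": escape_plain,
}

# Constructed stand-ins for the three templates (hypothetical wording).
TEMPLATES = {
    "mail": Template("<p>Engagement <b>$engagement</b> of product <b>$product</b> was closed.</p>"),
    "slack": Template("Engagement *$engagement* of product *$product* was closed."),
    "alert": Template("Engagement '$engagement' of product '$product' was closed."),
}


def render(channel: str, engagement: str, product: str) -> str:
    """Render the engagement-closed body for one channel, escaping every
    user-controlled field with that channel's rules."""
    esc = ESCAPERS[channel]
    return TEMPLATES[channel].substitute(engagement=esc(engagement), product=esc(product))


def render_all(engagement: str, product: str) -> dict:
    """Render the same names for every channel."""
    return {ch: render(ch, engagement, product) for ch in TEMPLATES}


def check_mail_escaped(body: str, raw: str) -> bool:
    """Review check for the HTML channel: the raw input must not survive
    verbatim, and no script tag may appear in the body."""
    return raw not in body and "<script" not in body.lower()


def check_slack_not_html_escaped(body: str) -> bool:
    """Review check for Slack: HTML-only entities would be shown literally,
    so their presence means the wrong escaper was applied."""
    return "&quot;" not in body and "&#x27;" not in body and "&#39;" not in body


if __name__ == "__main__":
    # Constructed hostile input: markup, an ampersand and quotes in one name.
    hostile = '<script>alert(1)</script> & "Q1" <b>audit</b>'
    for ch, body in render_all(hostile, "Web App").items():
        print(f"{ch:5}: {body}")
```

The caveat the summary glosses over: automatic HTML escaping mitigates XSS only in the channel that is actually rendered as HTML (the mail template). Applying it to the Slack or alert bodies would not break anything security-wise, but Slack shows `&quot;` and `&#x27;` literally, so each channel's template has to be checked with its own rules rather than assuming one escaper covers all four.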

Contributor

@mtesauro mtesauro left a comment


Approved

@kiblik
Contributor

kiblik commented Nov 6, 2024

I suppose it might be a good idea to add it to all notification processors (alerts, slack, mail).

@Maffooch
Contributor

Maffooch commented Nov 6, 2024

@kiblik thank you for calling this out! I agree with that move

@hblankenship hblankenship changed the title add engagement closed MS teams template add engagement closed MS teams, Email, Alert, and Slack template Nov 7, 2024
@Maffooch Maffooch merged commit 3598412 into dev Nov 11, 2024
75 checks passed
@Maffooch Maffooch deleted the hb-msteams-engagement-closed branch November 11, 2024 17:51