diff --git a/dojo/importers/importer/importer.py b/dojo/importers/importer/importer.py index 4b3b1d43c6c..7552f9184ef 100644 --- a/dojo/importers/importer/importer.py +++ b/dojo/importers/importer/importer.py @@ -103,6 +103,11 @@ def process_parsed_findings(self, test, parsed_findings, scan_type, user, active # finding's severity is below the configured threshold : ignoring the finding continue + # Some parsers provide "mitigated" field but do not set timezone (because they are probably not available in the report) + # Finding.mitigated is DateTimeField and it requires timezone + if item.mitigated and not item.mitigated.tzinfo: + item.mitigated = item.mitigated.replace(tzinfo=now.tzinfo) + item.test = test item.reporter = user if user else get_current_user item.last_reviewed = now diff --git a/dojo/importers/reimporter/reimporter.py b/dojo/importers/reimporter/reimporter.py index 107068d11fa..d02d1dc1b17 100644 --- a/dojo/importers/reimporter/reimporter.py +++ b/dojo/importers/reimporter/reimporter.py @@ -89,6 +89,11 @@ def process_parsed_findings( item.component_version if hasattr(item, "component_version") else None ) + # Some parsers provide "mitigated" field but do not set timezone (because it is probably not available in the report) + # Finding.mitigated is DateTimeField and it requires timezone + if item.mitigated and not item.mitigated.tzinfo: + item.mitigated = item.mitigated.replace(tzinfo=now.tzinfo) + if not hasattr(item, "test"): item.test = test diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py index c928cd7d172..52972291844 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings.dist.py 
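Review bot: The added guard in `process_parsed_findings` (dojo/importers/importer/importer.py) reads `item.mitigated.tzinfo`, which exists on `datetime.datetime` but not on `datetime.date`, so a parser that fills `mitigated` with a plain date would raise `AttributeError` here and abort the import; the fixtures changed later in this diff suggest date values have been assigned to that field before. `replace(tzinfo=now.tzinfo)` also only labels the naive value with the zone of `now` (defined outside the hunk) rather than converting it, so a report written in scanner-local time is stored with a shifted mitigation instant. I would normalise a date to a datetime first, then use `django.utils.timezone` as in `if item.mitigated and timezone.is_naive(item.mitigated): item.mitigated = timezone.make_aware(item.mitigated)`, and extend the comment to state which zone naive report times are assumed to be in. The identical block added to `dojo/importers/reimporter/reimporter.py` has the same gaps, and a shared helper would keep the two importers in agreement.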
@@ -1691,4 +1691,4 @@ def saml2_attrib_map_format(dict):
 from django.utils.deprecation import RemovedInDjango50Warning
 warnings.filterwarnings("ignore", category=RemovedInDjango50Warning)
 warnings.filterwarnings("ignore", message="'cgi' is deprecated and slated for removal in Python 3\\.13")
- warnings.filterwarnings("ignore", message="DateTimeField .+ received a naive datetime .+ while time zone support is active\\.")
+ warnings.filterwarnings("ignore", message="unclosed file .+")
diff --git a/unittests/test_bulk_risk_acceptance_api.py b/unittests/test_bulk_risk_acceptance_api.py
index dafa7d321a2..f19ccb96022 100644
--- a/unittests/test_bulk_risk_acceptance_api.py
+++ b/unittests/test_bulk_risk_acceptance_api.py
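Review bot: The added filter in dojo/settings/settings.dist.py, `message="unclosed file .+"`, carries no `category`, so wherever these filters apply (the enclosing block starts outside the hunk) it hides every warning whose text begins that way, including the `ResourceWarning` that points at leaked file handles. In an application that opens uploaded scan reports, those warnings are the cheap signal for descriptor leaks, and nothing visible in this diff closes the files they refer to. If the suppression has to stay, I would narrow it to `warnings.filterwarnings("ignore", message="unclosed file .+", category=ResourceWarning)` and add a comment naming the code path that leaves the file open, so the filter can be removed once that path is fixed.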
@@ -18,25 +18,25 @@ def setUpTestData(cls): cls.product = Product.objects.create(prod_type=cls.product_type, name='Flopper', description='Test product') Product_Type_Member.objects.create(product_type=cls.product_type, user=cls.user, role=Role.objects.get(id=Roles.Owner)) cls.product_2 = Product.objects.create(prod_type=cls.product_type, name='Flopper2', description='Test product2') - cls.engagement = Engagement.objects.create(product=cls.product, target_start=datetime.date(2000, 1, 1), - target_end=datetime.date(2000, 2, 1)) - cls.engagement_2a = Engagement.objects.create(product=cls.product_2, target_start=datetime.date(2000, 1, 1), - target_end=datetime.date(2000, 2, 1)) - cls.engagement_2b = Engagement.objects.create(product=cls.product_2, target_start=datetime.date(2000, 1, 1), - target_end=datetime.date(2000, 2, 1)) + cls.engagement = Engagement.objects.create(product=cls.product, target_start=datetime.datetime(2000, 1, 1, tzinfo=datetime.timezone.utc), + target_end=datetime.datetime(2000, 2, 1, tzinfo=datetime.timezone.utc)) + cls.engagement_2a = Engagement.objects.create(product=cls.product_2, target_start=datetime.datetime(2000, 1, 1, tzinfo=datetime.timezone.utc), + target_end=datetime.datetime(2000, 2, 1, tzinfo=datetime.timezone.utc)) + cls.engagement_2b = Engagement.objects.create(product=cls.product_2, target_start=datetime.datetime(2000, 1, 1, tzinfo=datetime.timezone.utc), + target_end=datetime.datetime(2000, 2, 1, tzinfo=datetime.timezone.utc)) cls.test_type = Test_Type.objects.create(name='Risk Acceptance Mock Scan', static_tool=True) cls.test_a = Test.objects.create(engagement=cls.engagement, test_type=cls.test_type, - target_start=datetime.date(2000, 1, 1), target_end=datetime.date(2000, 2, 1)) + target_start=datetime.datetime(2000, 1, 1, tzinfo=datetime.timezone.utc), target_end=datetime.datetime(2000, 2, 1, tzinfo=datetime.timezone.utc)) cls.test_b = Test.objects.create(engagement=cls.engagement, test_type=cls.test_type, - 
target_start=datetime.date(2000, 1, 1), target_end=datetime.date(2000, 2, 1)) + target_start=datetime.datetime(2000, 1, 1, tzinfo=datetime.timezone.utc), target_end=datetime.datetime(2000, 2, 1, tzinfo=datetime.timezone.utc)) cls.test_c = Test.objects.create(engagement=cls.engagement, test_type=cls.test_type, - target_start=datetime.date(2000, 1, 1), target_end=datetime.date(2000, 2, 1)) + target_start=datetime.datetime(2000, 1, 1, tzinfo=datetime.timezone.utc), target_end=datetime.datetime(2000, 2, 1, tzinfo=datetime.timezone.utc)) cls.test_d = Test.objects.create(engagement=cls.engagement_2a, test_type=cls.test_type, - target_start=datetime.date(2000, 1, 1), target_end=datetime.date(2000, 2, 1)) + target_start=datetime.datetime(2000, 1, 1, tzinfo=datetime.timezone.utc), target_end=datetime.datetime(2000, 2, 1, tzinfo=datetime.timezone.utc)) cls.test_e = Test.objects.create(engagement=cls.engagement_2b, test_type=cls.test_type, - target_start=datetime.date(2000, 1, 1), target_end=datetime.date(2000, 2, 1)) + target_start=datetime.datetime(2000, 1, 1, tzinfo=datetime.timezone.utc), target_end=datetime.datetime(2000, 2, 1, tzinfo=datetime.timezone.utc)) def create_finding(test: Test, reporter: User, cve: str) -> Finding: return Finding(test=test, title='Finding {}'.format(cve), cve=cve, severity='High', verified=True, diff --git a/unittests/test_finding_helper.py b/unittests/test_finding_helper.py index 00f7198234b..d3e6bf71293 100644 --- a/unittests/test_finding_helper.py +++ b/unittests/test_finding_helper.py @@ -93,7 +93,7 @@ def test_mark_old_active_as_mitigated(self, mock_can_edit, mock_tz): def test_mark_old_active_as_mitigated_custom_edit(self, mock_can_edit, mock_tz): mock_tz.return_value = frozen_datetime - custom_mitigated = datetime.datetime.now() + custom_mitigated = datetime.datetime.now(datetime.timezone.utc) with impersonate(self.user_1): test = Test.objects.last() 
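Review bot: Style point for `setUpTestData` in unittests/test_bulk_risk_acceptance_api.py: the same two aware datetimes are now written out sixteen times across the `Engagement` and `Test` fixtures, which makes the lines very long and easy to let drift apart. Binding them once, `start = datetime.datetime(2000, 1, 1, tzinfo=datetime.timezone.utc)` and `end = datetime.datetime(2000, 2, 1, tzinfo=datetime.timezone.utc)`, and passing `target_start=start, target_end=end` keeps the fixture readable. The method begins outside the hunk, so the two names would go just before the first `Engagement.objects.create` call.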
@@ -115,7 +115,7 @@ def test_mark_old_active_as_mitigated_custom_edit(self, mock_can_edit, mock_tz): def test_update_old_mitigated_with_custom_edit(self, mock_can_edit, mock_tz): mock_tz.return_value = frozen_datetime - custom_mitigated = datetime.datetime.now() + custom_mitigated = datetime.datetime.now(datetime.timezone.utc) with impersonate(self.user_1): test = Test.objects.last() @@ -137,7 +137,7 @@ def test_update_old_mitigated_with_custom_edit(self, mock_can_edit, mock_tz): def test_update_old_mitigated_with_missing_data(self, mock_can_edit, mock_tz): mock_tz.return_value = frozen_datetime - custom_mitigated = datetime.datetime.now() + custom_mitigated = datetime.datetime.now(datetime.timezone.utc) with impersonate(self.user_1): test = Test.objects.last() diff --git a/unittests/test_flush_auditlog.py b/unittests/test_flush_auditlog.py index ffaeb538baa..1cbdb4ff62d 100644 --- a/unittests/test_flush_auditlog.py +++ b/unittests/test_flush_auditlog.py @@ -2,7 +2,7 @@ from .dojo_test_case import DojoTestCase from django.test import override_settings from auditlog.models import LogEntry -from datetime import date, datetime +from datetime import date, datetime, timezone from dojo.models import Finding from dateutil.relativedelta import relativedelta import logging @@ -29,8 +29,8 @@ def test_delete_all_entries(self): @override_settings(AUDITLOG_FLUSH_RETENTION_PERIOD=1) def test_delete_entries_with_retention_period(self): - entries_before = LogEntry.objects.filter(timestamp__date__lt=date.today()).count() - two_weeks_ago = datetime.today() - relativedelta(weeks=2) + entries_before = LogEntry.objects.filter(timestamp__date__lt=datetime.now(timezone.utc)).count() + two_weeks_ago = datetime.now(timezone.utc) - relativedelta(weeks=2) log_entry = LogEntry.objects.log_create( instance=Finding.objects.all()[0], timestamp=two_weeks_ago, 
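Review bot: In `test_delete_entries_with_retention_period` (unittests/test_flush_auditlog.py) the `timestamp__date__lt` lookup compares calendar dates, yet it is now handed a full aware datetime, so the time of day plays no part and the test relies on the ORM coercing the value to a date, presumably in the project's configured time zone rather than UTC. Computing the bound once and passing a date, `today = datetime.now(timezone.utc).date()`, then reusing `today` for both `entries_before` and `entries_after` (the latter is in the following hunk), states the intent and avoids a count mismatch if the run crosses midnight. If nothing outside the visible hunks still uses it, `date` in the changed import line is now unused.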
@@ -40,6 +40,6 @@ def test_delete_entries_with_retention_period(self): log_entry.timestamp = two_weeks_ago log_entry.save() flush_auditlog() - entries_after = LogEntry.objects.filter(timestamp__date__lt=date.today()).count() + entries_after = LogEntry.objects.filter(timestamp__date__lt=datetime.now(timezone.utc)).count() # we have three old log entries in our testdata and added a new one self.assertEqual(entries_before - 3 + 1, entries_after) diff --git a/unittests/test_import_reimport.py b/unittests/test_import_reimport.py index 92bcb0097d3..535bc488d19 100644 --- a/unittests/test_import_reimport.py +++ b/unittests/test_import_reimport.py @@ -1430,8 +1430,8 @@ def test_import_reimport_vulnerability_ids(self): engagement=test.engagement, test_type=test_type, scan_type=self.anchore_grype_scan_type, - target_start=datetime.datetime.now(), - target_end=datetime.datetime.now(), + target_start=datetime.datetime.now(datetime.timezone.utc), + target_end=datetime.datetime.now(datetime.timezone.utc), ) reimport_test.save() diff --git a/unittests/test_risk_acceptance.py b/unittests/test_risk_acceptance.py index e652fc132b7..e677ff4286a 100644 --- a/unittests/test_risk_acceptance.py +++ b/unittests/test_risk_acceptance.py @@ -12,6 +12,7 @@ # from unittest import skip import dojo.risk_acceptance.helper as ra_helper import logging +import datetime logger = logging.getLogger(__name__) 
@@ -264,9 +265,9 @@ def test_expiration_handler(self):
 # ra1: expire in 9 days -> warn:yes, expire:no
 # ra2: expire in 11 days -> warn:no, expire:no
 # ra3: expire 5 days ago -> warn:no, expire:yes (expiration not handled yet, so expire)
- ra1.expiration_date = timezone.now().date() + relativedelta(days=heads_up_days - 1)
- ra2.expiration_date = timezone.now().date() + relativedelta(days=heads_up_days + 1)
- ra3.expiration_date = timezone.now().date() - relativedelta(days=5)
+ ra1.expiration_date = datetime.datetime.now(datetime.timezone.utc) + relativedelta(days=heads_up_days - 1)
+ ra2.expiration_date = datetime.datetime.now(datetime.timezone.utc) + relativedelta(days=heads_up_days + 1)
+ ra3.expiration_date = datetime.datetime.now(datetime.timezone.utc) - relativedelta(days=5)
 ra1.save()
 ra2.save()
 ra3.save()
diff --git a/unittests/test_utils_deduplication_reopen.py b/unittests/test_utils_deduplication_reopen.py
index 0d4e7c24d31..50ff0832e0a 100644
--- a/unittests/test_utils_deduplication_reopen.py
+++ b/unittests/test_utils_deduplication_reopen.py
@@ -14,7 +14,7 @@ def setUp(self):
 self.finding_a = Finding.objects.get(id=2)
 self.finding_a.pk = None
 self.finding_a.duplicate = False
- self.finding_a.mitigated = datetime.date(1970, 1, 1)
+ self.finding_a.mitigated = datetime.datetime(1970, 1, 1, tzinfo=datetime.timezone.utc)
 self.finding_a.is_mitigated = True
 self.finding_a.false_p = True
 self.finding_a.active = False
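Review bot: In `test_expiration_handler` (unittests/test_risk_acceptance.py) the three `expiration_date` values each call `datetime.datetime.now(datetime.timezone.utc)` on their own, although the removed lines show that `timezone.now()` was already in scope in this file. Taking one reference, `now = timezone.now()`, and deriving `ra1` to `ra3` from it keeps the fixtures on a single instant and on the clock the expiration handler presumably reads, and it makes the `import datetime` added in the earlier hunk of this file unnecessary. The method starts outside the hunk, so `now` would be bound just above the three comment lines.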