From 8cf6871bc25c53c8e9edb90b04449301e3910552 Mon Sep 17 00:00:00 2001 From: Tomas Kubla Date: Wed, 7 Feb 2024 10:37:22 +0100 Subject: [PATCH 1/6] Drop filterwarnings "DateTimeField - timezone" --- dojo/settings/settings.dist.py | 1 - 1 file changed, 1 deletion(-) diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py index fad2454b7ca..29858350807 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings.dist.py @@ -1726,5 +1726,4 @@ def saml2_attrib_map_format(dict): warnings.filterwarnings("ignore", category=RemovedInDjango50Warning) warnings.filterwarnings("ignore", message="invalid escape sequence.*") warnings.filterwarnings("ignore", message="'cgi' is deprecated and slated for removal in Python 3\\.13") - warnings.filterwarnings("ignore", message="DateTimeField .+ received a naive datetime .+ while time zone support is active\\.") warnings.filterwarnings("ignore", message="unclosed file .+") From dc6895dd96c686f4aa434da38454f5165f8e289c Mon Sep 17 00:00:00 2001 From: Tomas Kubla Date: Wed, 7 Feb 2024 13:39:28 +0100 Subject: [PATCH 2/6] Fix some --- unittests/test_bulk_risk_acceptance_api.py | 22 ++++++++++---------- unittests/test_finding_helper.py | 6 +++--- unittests/test_flush_auditlog.py | 8 +++---- unittests/test_import_reimport.py | 4 ++-- unittests/test_utils_deduplication_reopen.py | 2 +- 5 files changed, 21 insertions(+), 21 deletions(-) diff --git a/unittests/test_bulk_risk_acceptance_api.py b/unittests/test_bulk_risk_acceptance_api.py index dafa7d321a2..f19ccb96022 100644 --- a/unittests/test_bulk_risk_acceptance_api.py +++ b/unittests/test_bulk_risk_acceptance_api.py 
@@ -18,25 +18,25 @@ def setUpTestData(cls): cls.product = Product.objects.create(prod_type=cls.product_type, name='Flopper', description='Test product') Product_Type_Member.objects.create(product_type=cls.product_type, user=cls.user, role=Role.objects.get(id=Roles.Owner)) cls.product_2 = Product.objects.create(prod_type=cls.product_type, name='Flopper2', description='Test product2') - cls.engagement = Engagement.objects.create(product=cls.product, target_start=datetime.date(2000, 1, 1), - target_end=datetime.date(2000, 2, 1)) - cls.engagement_2a = Engagement.objects.create(product=cls.product_2, target_start=datetime.date(2000, 1, 1), - target_end=datetime.date(2000, 2, 1)) - cls.engagement_2b = Engagement.objects.create(product=cls.product_2, target_start=datetime.date(2000, 1, 1), - target_end=datetime.date(2000, 2, 1)) + cls.engagement = Engagement.objects.create(product=cls.product, target_start=datetime.datetime(2000, 1, 1, tzinfo=datetime.timezone.utc), + target_end=datetime.datetime(2000, 2, 1, tzinfo=datetime.timezone.utc)) + cls.engagement_2a = Engagement.objects.create(product=cls.product_2, target_start=datetime.datetime(2000, 1, 1, tzinfo=datetime.timezone.utc), + target_end=datetime.datetime(2000, 2, 1, tzinfo=datetime.timezone.utc)) + cls.engagement_2b = Engagement.objects.create(product=cls.product_2, target_start=datetime.datetime(2000, 1, 1, tzinfo=datetime.timezone.utc), + target_end=datetime.datetime(2000, 2, 1, tzinfo=datetime.timezone.utc)) cls.test_type = Test_Type.objects.create(name='Risk Acceptance Mock Scan', static_tool=True) cls.test_a = Test.objects.create(engagement=cls.engagement, test_type=cls.test_type, - target_start=datetime.date(2000, 1, 1), target_end=datetime.date(2000, 2, 1)) + target_start=datetime.datetime(2000, 1, 1, tzinfo=datetime.timezone.utc), target_end=datetime.datetime(2000, 2, 1, tzinfo=datetime.timezone.utc)) cls.test_b = Test.objects.create(engagement=cls.engagement, test_type=cls.test_type, - 
target_start=datetime.date(2000, 1, 1), target_end=datetime.date(2000, 2, 1)) + target_start=datetime.datetime(2000, 1, 1, tzinfo=datetime.timezone.utc), target_end=datetime.datetime(2000, 2, 1, tzinfo=datetime.timezone.utc)) cls.test_c = Test.objects.create(engagement=cls.engagement, test_type=cls.test_type, - target_start=datetime.date(2000, 1, 1), target_end=datetime.date(2000, 2, 1)) + target_start=datetime.datetime(2000, 1, 1, tzinfo=datetime.timezone.utc), target_end=datetime.datetime(2000, 2, 1, tzinfo=datetime.timezone.utc)) cls.test_d = Test.objects.create(engagement=cls.engagement_2a, test_type=cls.test_type, - target_start=datetime.date(2000, 1, 1), target_end=datetime.date(2000, 2, 1)) + target_start=datetime.datetime(2000, 1, 1, tzinfo=datetime.timezone.utc), target_end=datetime.datetime(2000, 2, 1, tzinfo=datetime.timezone.utc)) cls.test_e = Test.objects.create(engagement=cls.engagement_2b, test_type=cls.test_type, - target_start=datetime.date(2000, 1, 1), target_end=datetime.date(2000, 2, 1)) + target_start=datetime.datetime(2000, 1, 1, tzinfo=datetime.timezone.utc), target_end=datetime.datetime(2000, 2, 1, tzinfo=datetime.timezone.utc)) def create_finding(test: Test, reporter: User, cve: str) -> Finding: return Finding(test=test, title='Finding {}'.format(cve), cve=cve, severity='High', verified=True, diff --git a/unittests/test_finding_helper.py b/unittests/test_finding_helper.py index 00f7198234b..d3e6bf71293 100644 --- a/unittests/test_finding_helper.py +++ b/unittests/test_finding_helper.py @@ -93,7 +93,7 @@ def test_mark_old_active_as_mitigated(self, mock_can_edit, mock_tz): def test_mark_old_active_as_mitigated_custom_edit(self, mock_can_edit, mock_tz): mock_tz.return_value = frozen_datetime - custom_mitigated = datetime.datetime.now() + custom_mitigated = datetime.datetime.now(datetime.timezone.utc) with impersonate(self.user_1): test = Test.objects.last() 
@@ -115,7 +115,7 @@ def test_mark_old_active_as_mitigated_custom_edit(self, mock_can_edit, mock_tz): def test_update_old_mitigated_with_custom_edit(self, mock_can_edit, mock_tz): mock_tz.return_value = frozen_datetime - custom_mitigated = datetime.datetime.now() + custom_mitigated = datetime.datetime.now(datetime.timezone.utc) with impersonate(self.user_1): test = Test.objects.last() @@ -137,7 +137,7 @@ def test_update_old_mitigated_with_custom_edit(self, mock_can_edit, mock_tz): def test_update_old_mitigated_with_missing_data(self, mock_can_edit, mock_tz): mock_tz.return_value = frozen_datetime - custom_mitigated = datetime.datetime.now() + custom_mitigated = datetime.datetime.now(datetime.timezone.utc) with impersonate(self.user_1): test = Test.objects.last() diff --git a/unittests/test_flush_auditlog.py b/unittests/test_flush_auditlog.py index ffaeb538baa..1cbdb4ff62d 100644 --- a/unittests/test_flush_auditlog.py +++ b/unittests/test_flush_auditlog.py @@ -2,7 +2,7 @@ from .dojo_test_case import DojoTestCase from django.test import override_settings from auditlog.models import LogEntry -from datetime import date, datetime +from datetime import date, datetime, timezone from dojo.models import Finding from dateutil.relativedelta import relativedelta import logging @@ -29,8 +29,8 @@ def test_delete_all_entries(self): @override_settings(AUDITLOG_FLUSH_RETENTION_PERIOD=1) def test_delete_entries_with_retention_period(self): - entries_before = LogEntry.objects.filter(timestamp__date__lt=date.today()).count() - two_weeks_ago = datetime.today() - relativedelta(weeks=2) + entries_before = LogEntry.objects.filter(timestamp__date__lt=datetime.now(timezone.utc)).count() + two_weeks_ago = datetime.now(timezone.utc) - relativedelta(weeks=2) log_entry = LogEntry.objects.log_create( instance=Finding.objects.all()[0], timestamp=two_weeks_ago, 
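Review bot: In test_delete_entries_with_retention_period the `timestamp__date__lt` lookup now receives an aware datetime, `datetime.now(timezone.utc)`, although the `__date` transform compares dates, so the test depends on the ORM coercing the value down to a date. Passing an explicit date such as `datetime.now(timezone.utc).date()` states the intent; the same applies to the `entries_after` line in the following `@@ -40,6 +40,6 @@` hunk. With both `date.today()` calls gone, the `date` name kept in `from datetime import date, datetime, timezone` may now be unused unless the file uses it outside these hunks.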
@@ -40,6 +40,6 @@ def test_delete_entries_with_retention_period(self): log_entry.timestamp = two_weeks_ago log_entry.save() flush_auditlog() - entries_after = LogEntry.objects.filter(timestamp__date__lt=date.today()).count() + entries_after = LogEntry.objects.filter(timestamp__date__lt=datetime.now(timezone.utc)).count() # we have three old log entries in our testdata and added a new one self.assertEqual(entries_before - 3 + 1, entries_after) diff --git a/unittests/test_import_reimport.py b/unittests/test_import_reimport.py index 92bcb0097d3..535bc488d19 100644 --- a/unittests/test_import_reimport.py +++ b/unittests/test_import_reimport.py @@ -1430,8 +1430,8 @@ def test_import_reimport_vulnerability_ids(self): engagement=test.engagement, test_type=test_type, scan_type=self.anchore_grype_scan_type, - target_start=datetime.datetime.now(), - target_end=datetime.datetime.now(), + target_start=datetime.datetime.now(datetime.timezone.utc), + target_end=datetime.datetime.now(datetime.timezone.utc), ) reimport_test.save() diff --git a/unittests/test_utils_deduplication_reopen.py b/unittests/test_utils_deduplication_reopen.py index 0d4e7c24d31..50ff0832e0a 100644 --- a/unittests/test_utils_deduplication_reopen.py +++ b/unittests/test_utils_deduplication_reopen.py @@ -14,7 +14,7 @@ def setUp(self): self.finding_a = Finding.objects.get(id=2) self.finding_a.pk = None self.finding_a.duplicate = False - self.finding_a.mitigated = datetime.date(1970, 1, 1) + self.finding_a.mitigated = datetime.datetime(1970, 1, 1, tzinfo=datetime.timezone.utc) self.finding_a.is_mitigated = True self.finding_a.false_p = True self.finding_a.active = False From 2164185a0de7b23382f1b00e00097f25a67bb7a3 Mon Sep 17 00:00:00 2001 
From: Tomas Kubla Date: Wed, 7 Feb 2024 16:36:28 +0100 Subject: [PATCH 3/6] Fix of RA test + importers --- dojo/importers/importer/importer.py | 5 +++++ dojo/importers/reimporter/reimporter.py | 5 +++++ unittests/test_risk_acceptance.py | 7 ++++--- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/dojo/importers/importer/importer.py b/dojo/importers/importer/importer.py index 4b3b1d43c6c..2b52a634579 100644 --- a/dojo/importers/importer/importer.py +++ b/dojo/importers/importer/importer.py @@ -103,6 +103,11 @@ def process_parsed_findings(self, test, parsed_findings, scan_type, user, active # finding's severity is below the configured threshold : ignoring the finding continue + # Some parsers provide "mitigated" field but do not set timezone (because they are probably not available in the report) + # Finding.mitigated is DateTimeField and it requires timezone + if item.mitigated and not item.mitigated.tzinfo: + item.mitigated.replace(tzinfo=now.tzinfo) + item.test = test item.reporter = user if user else get_current_user item.last_reviewed = now diff --git a/dojo/importers/reimporter/reimporter.py b/dojo/importers/reimporter/reimporter.py index 107068d11fa..2faadf030d8 100644 --- a/dojo/importers/reimporter/reimporter.py +++ b/dojo/importers/reimporter/reimporter.py @@ -89,6 +89,11 @@ def process_parsed_findings( item.component_version if hasattr(item, "component_version") else None ) + # Some parsers provide "mitigated" field but do not set timezone (because it is probably not available in the report) + # Finding.mitigated is DateTimeField and it requires timezone + if item.mitigated and not item.mitigated.tzinfo: + item.mitigated.replace(tzinfo=now.tzinfo) + if not hasattr(item, "test"): item.test = test diff --git a/unittests/test_risk_acceptance.py b/unittests/test_risk_acceptance.py index e652fc132b7..0a7af415b46 100644 --- a/unittests/test_risk_acceptance.py +++ b/unittests/test_risk_acceptance.py 
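Review bot: The new guard in process_parsed_findings, `if item.mitigated and not item.mitigated.tzinfo:`, labels a parser's naive timestamp with `now.tzinfo` rather than converting it, so a report written in another zone is stored shifted by that offset and the recorded mitigation time no longer matches the scanner's. In this patch the `replace()` result is also discarded, since datetime objects are immutable; patch 5/6 of the series assigns it back. The attribute access assumes a `datetime`: a parser that sets a plain `date` would raise AttributeError on `.tzinfo`, so an `isinstance` check, or Django's `timezone.is_naive()` / `timezone.make_aware()` if `django.utils.timezone` is imported in this module, would be more defensive. I would also extend the comment with `# naive values are assumed to be in the same timezone as "now"` so the assumption is documented. The identical block in dojo/importers/reimporter/reimporter.py has the same gaps, and the function continues outside both hunks.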
@@ -12,6 +12,7 @@ # from unittest import skip import dojo.risk_acceptance.helper as ra_helper import logging +import datetime logger = logging.getLogger(__name__) @@ -264,9 +265,9 @@ def test_expiration_handler(self): # ra1: expire in 9 days -> warn:yes, expire:no # ra2: expire in 11 days -> warn:no, expire:no # ra3: expire 5 days ago -> warn:no, expire:yes (expiration not handled yet, so expire) - ra1.expiration_date = timezone.now().date() + relativedelta(days=heads_up_days - 1) - ra2.expiration_date = timezone.now().date() + relativedelta(days=heads_up_days + 1) - ra3.expiration_date = timezone.now().date() - relativedelta(days=5) + ra1.expiration_date = timezone.now(datetime.timezone.utc) + relativedelta(days=heads_up_days - 1) + ra2.expiration_date = timezone.now(datetime.timezone.utc) + relativedelta(days=heads_up_days + 1) + ra3.expiration_date = timezone.now(datetime.timezone.utc) - relativedelta(days=5) ra1.save() ra2.save() ra3.save() From 9f1a73083448bfc98bfbdbd81f52348ca730637a Mon Sep 17 00:00:00 2001 From: Tomas Kubla Date: Wed, 7 Feb 2024 19:15:32 +0100 Subject: [PATCH 4/6] Fix RA --- unittests/test_risk_acceptance.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/unittests/test_risk_acceptance.py b/unittests/test_risk_acceptance.py index 0a7af415b46..e677ff4286a 100644 --- a/unittests/test_risk_acceptance.py +++ b/unittests/test_risk_acceptance.py 
@@ -265,9 +265,9 @@ def test_expiration_handler(self): # ra1: expire in 9 days -> warn:yes, expire:no # ra2: expire in 11 days -> warn:no, expire:no # ra3: expire 5 days ago -> warn:no, expire:yes (expiration not handled yet, so expire) - ra1.expiration_date = timezone.now(datetime.timezone.utc) + relativedelta(days=heads_up_days - 1) - ra2.expiration_date = timezone.now(datetime.timezone.utc) + relativedelta(days=heads_up_days + 1) - ra3.expiration_date = timezone.now(datetime.timezone.utc) - relativedelta(days=5) + ra1.expiration_date = datetime.datetime.now(datetime.timezone.utc) + relativedelta(days=heads_up_days - 1) + ra2.expiration_date = datetime.datetime.now(datetime.timezone.utc) + relativedelta(days=heads_up_days + 1) + ra3.expiration_date = datetime.datetime.now(datetime.timezone.utc) - relativedelta(days=5) ra1.save() ra2.save() ra3.save() From a1f870ac74d37012db5b230c80f2957729f17f55 Mon Sep 17 00:00:00 2001 From: Tomas Kubla Date: Thu, 8 Feb 2024 23:46:05 +0100 Subject: [PATCH 5/6] Fix importers --- dojo/importers/importer/importer.py | 2 +- dojo/importers/reimporter/reimporter.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dojo/importers/importer/importer.py b/dojo/importers/importer/importer.py index 2b52a634579..7552f9184ef 100644 --- a/dojo/importers/importer/importer.py +++ b/dojo/importers/importer/importer.py @@ -106,7 +106,7 @@ def process_parsed_findings(self, test, parsed_findings, scan_type, user, active # Some parsers provide "mitigated" field but do not set timezone (because they are probably not available in the report) # Finding.mitigated is DateTimeField and it requires timezone if item.mitigated and not item.mitigated.tzinfo: - item.mitigated.replace(tzinfo=now.tzinfo) + item.mitigated = item.mitigated.replace(tzinfo=now.tzinfo) item.test = test item.reporter = user if user else get_current_user 
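Review bot: In the `@@ -265,9 +265,9 @@` hunk of test_expiration_handler the three `expiration_date` assignments each call `datetime.datetime.now(datetime.timezone.utc)` separately, so ra1, ra2 and ra3 are offset from three slightly different instants. Taking the time once, `now = datetime.datetime.now(datetime.timezone.utc)`, and deriving all three values from `now` keeps the fixture consistent. Unlike the `timezone.now().date()` form removed in patch 3/6, the values now carry a time of day, so the `# ra1: expire in 9 days` comments are worth rechecking against how the handler compares them, which is not visible here. The test body starts and ends outside the hunk.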
diff --git a/dojo/importers/reimporter/reimporter.py b/dojo/importers/reimporter/reimporter.py index 2faadf030d8..d02d1dc1b17 100644 --- a/dojo/importers/reimporter/reimporter.py +++ b/dojo/importers/reimporter/reimporter.py @@ -92,7 +92,7 @@ def process_parsed_findings( # Some parsers provide "mitigated" field but do not set timezone (because it is probably not available in the report) # Finding.mitigated is DateTimeField and it requires timezone if item.mitigated and not item.mitigated.tzinfo: - item.mitigated.replace(tzinfo=now.tzinfo) + item.mitigated = item.mitigated.replace(tzinfo=now.tzinfo) if not hasattr(item, "test"): item.test = test From 2af798ff9a401a73e799ac0e74ff9105950cb3fd Mon Sep 17 00:00:00 2001 From: Matt Tesauro Date: Thu, 15 Feb 2024 22:10:41 -0600 Subject: [PATCH 6/6] Fix Flake8 --- dojo/settings/settings.dist.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py index 1797eaa5807..52972291844 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings.dist.py @@ -1691,4 +1691,4 @@ def saml2_attrib_map_format(dict): from django.utils.deprecation import RemovedInDjango50Warning warnings.filterwarnings("ignore", category=RemovedInDjango50Warning) warnings.filterwarnings("ignore", message="'cgi' is deprecated and slated for removal in Python 3\\.13") - warnings.filterwarnings("ignore", message="unclosed file .+") \ No newline at end of file + warnings.filterwarnings("ignore", message="unclosed file .+")