Merge pull request #10484 from DefectDojo/release/2.36.0
Release: Merge release into master from: release/2.36.0
Maffooch authored Jul 1, 2024
2 parents 81c123e + 2d2f2ab commit 659f50b
Showing 79 changed files with 1,693 additions and 1,042 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/build-docker-images-for-testing.yml
Expand Up @@ -35,7 +35,7 @@ jobs:

- name: Build
id: docker_build
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
timeout-minutes: 10
with:
context: .
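Review bot: The upgraded `uses: docker/build-push-action@v6` line is still pinned to a mutable major tag, whereas the base images touched in this same release (the nginx, postgres and redis `FROM`/`image:` lines) are pinned by sha256 digest; a third-party action tag can be re-pointed by its maintainer and then runs with this workflow's token and permissions. Pin the action to a full-length commit SHA and keep the tag as a trailing comment, e.g. `uses: docker/build-push-action@<40-hex-commit-sha> # v6`, so Dependabot can still track the major version. The step's `with:` block continues outside the hunk.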
10 changes: 5 additions & 5 deletions .github/workflows/integration-tests.yml
Expand Up @@ -36,7 +36,7 @@ jobs:
"tests/tool_config.py",
"openapi-validatator",
]
profile: ["mysql-rabbitmq", "postgres-redis"]
profile: ["postgres-rabbitmq", "postgres-redis"]
os: [alpine, debian]
fail-fast: false

Expand All @@ -59,10 +59,10 @@ jobs:
- name: Set integration-test mode
run: ln -s docker-compose.override.integration_tests.yml docker-compose.override.yml

# phased startup with MySQL and RabbitMQ so we can use the exit code from integrationtest container
- name: Start Dojo MySQL + RabbitMQ
if: matrix.profile == 'mysql-rabbitmq'
run: docker compose --profile ${{ matrix.profile }} --env-file ./docker/environments/${{ matrix.profile }}.env up --no-deps -d mysql nginx celerybeat celeryworker mailhog uwsgi rabbitmq
# phased startup with PostgreSQL and RabbitMQ so we can use the exit code from integrationtest container
- name: Start Dojo PostgreSQL + RabbitMQ
if: matrix.profile == 'postgres-rabbitmq'
run: docker compose --profile ${{ matrix.profile }} --env-file ./docker/environments/${{ matrix.profile }}.env up --no-deps -d postgres nginx celerybeat celeryworker mailhog uwsgi rabbitmq
env:
DJANGO_VERSION: ${{ matrix.os }}
NGINX_VERSION: ${{ matrix.os }}
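Review bot: Replacing `mysql-rabbitmq` with `postgres-rabbitmq` in `matrix.profile` leaves the MySQL configuration with no integration coverage, while the `docker-compose.yml` changed in the same release still ships the `defectdojo_data:/var/lib/mysql` volume and a `mysql-redis` profile, so users can still deploy a combination CI no longer exercises. Either drop the MySQL profiles from the compose file in the same change or record the decision where the matrix is defined, e.g. `# MySQL profiles are no longer exercised in CI; PostgreSQL is the supported database`. The test-case list above and the remaining steps of this job are outside the hunk.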
4 changes: 2 additions & 2 deletions .github/workflows/release-x-manual-docker-containers.yml
Expand Up @@ -63,7 +63,7 @@ jobs:
- name: Build and push images with debian
if: ${{ matrix.os == 'debian' }}
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
env:
REPO_ORG: ${{ env.repoorg }}
docker-image: ${{ matrix.docker-image }}
Expand All @@ -77,7 +77,7 @@ jobs:

- name: Build and push images with alpine
if: ${{ matrix.os == 'alpine' }}
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
env:
REPO_ORG: ${{ env.repoorg }}
docker-image: ${{ matrix.docker-image }}
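Review bot: `docker/build-push-action@v6` on both `uses:` lines changes more than the tag: as of v6 the action by default writes a job summary and uploads the build record as a workflow artifact, so for a release build BuildKit metadata (which can include build arguments and image references) is retained on the run; confirm that is acceptable for the release pipeline or disable it with `DOCKER_BUILD_RECORD_UPLOAD: false` (and `DOCKER_BUILD_SUMMARY: false`) in each step's `env:`. The action is also pinned only to the mutable `v6` tag rather than a commit SHA, unlike the digest-pinned images in this release. Both build-and-push steps continue outside the hunk.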
10 changes: 5 additions & 5 deletions .github/workflows/rest-framework-tests.yml
Expand Up @@ -34,20 +34,20 @@ jobs:
run: docker/setEnv.sh unit_tests_cicd

# phased startup so we can use the exit code from unit test container
- name: Start MySQL
run: docker compose --env-file ./docker/environments/mysql-redis.env up -d mysql
- name: Start Postgres
run: docker compose --env-file ./docker/environments/postgres-redis.env up -d postgres

# no celery or initializer needed for unit tests
- name: Unit tests
timeout-minutes: 10
run: docker compose --profile mysql-redis --env-file ./docker/environments/mysql-redis.env up --no-deps --exit-code-from uwsgi uwsgi
run: docker compose --profile postgres-redis --env-file ./docker/environments/postgres-redis.env up --no-deps --exit-code-from uwsgi uwsgi
env:
DJANGO_VERSION: ${{ matrix.os }}

- name: Logs
if: failure()
run: docker compose --profile mysql-redis --env-file ./docker/environments/mysql-redis.env logs --tail="2500" uwsgi
run: docker compose --profile postgres-redis --env-file ./docker/environments/postgres-redis.env logs --tail="2500" uwsgi

- name: Shutdown
if: always()
run: docker compose --profile mysql-redis --env-file ./docker/environments/mysql-redis.env down
run: docker compose --profile postgres-redis --env-file ./docker/environments/postgres-redis.env down
2 changes: 1 addition & 1 deletion Dockerfile.nginx-alpine
Expand Up @@ -140,7 +140,7 @@ COPY manage.py ./
COPY dojo/ ./dojo/
RUN env DD_SECRET_KEY='.' python3 manage.py collectstatic --noinput && true

FROM nginx:1.27.0-alpine@sha256:69f8c2c72671490607f52122be2af27d4fc09657ff57e42045801aa93d2090f7
FROM nginx:1.27.0-alpine@sha256:a45ee5d042aaa9e81e013f97ae40c3dda26fbe98f22b6251acdf28e579560d55
ARG uid=1001
ARG appuser=defectdojo
COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/
2 changes: 1 addition & 1 deletion Dockerfile.nginx-debian
Expand Up @@ -75,7 +75,7 @@ COPY dojo/ ./dojo/

RUN env DD_SECRET_KEY='.' python3 manage.py collectstatic --noinput && true

FROM nginx:1.27.0-alpine@sha256:69f8c2c72671490607f52122be2af27d4fc09657ff57e42045801aa93d2090f7
FROM nginx:1.27.0-alpine@sha256:a45ee5d042aaa9e81e013f97ae40c3dda26fbe98f22b6251acdf28e579560d55
ARG uid=1001
ARG appuser=defectdojo
COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/
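Review bot: The new `FROM nginx:1.27.0-alpine@sha256:…` line in `Dockerfile.nginx-debian` makes the runtime stage of the "debian" nginx image an Alpine/musl image, which is easy to miss when triaging base-image CVEs or selecting a scanner distro feed by filename. If this is intentional (both nginx Dockerfiles in this release use the same Alpine digest), say so above the `FROM`, e.g. `# Runtime stage intentionally uses the Alpine nginx image for both the alpine and debian variants`. The builder stage above is outside the hunk, so the comment should not claim what that stage is based on.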
2 changes: 1 addition & 1 deletion components/package.json
@@ -1,6 +1,6 @@
{
"name": "defectdojo",
"version": "2.35.4",
"version": "2.36.0",
"license" : "BSD-3-Clause",
"private": true,
"dependencies": {
4 changes: 2 additions & 2 deletions docker-compose.yml
Expand Up @@ -141,7 +141,7 @@ services:
volumes:
- defectdojo_data:/var/lib/mysql
postgres:
image: postgres:16.3-alpine@sha256:e89da2c083a5405943408b6807cd1fd25dc9010c1294e30611b841778bedc653
image: postgres:16.3-alpine@sha256:de3d7b6e4b5b3fe899e997579d6dfe95a99539d154abe03f0b6839133ed05065
profiles:
- postgres-rabbitmq
- postgres-redis
Expand All @@ -159,7 +159,7 @@ services:
volumes:
- defectdojo_rabbitmq:/var/lib/rabbitmq
redis:
image: redis:7.2.5-alpine@sha256:0389bb8416d7c6ed065c25745179bf5d358e5d9472dd30a687ab36ffbb650262
image: redis:7.2.5-alpine@sha256:de14eedfbd1fc871d0f5aa1773fd80743930e45354d035b6f3b551e7ffa44df8
profiles:
- mysql-redis
- postgres-redis
2 changes: 1 addition & 1 deletion docker/entrypoint-unit-tests-devDocker.sh
Expand Up @@ -53,7 +53,7 @@ EOF

echo "Unit Tests"
echo "------------------------------------------------------------"
python3 manage.py test unittests -v 3 --keepdb --no-input
python3 manage.py test unittests -v 3 --keepdb --no-input --shuffle

# you can select a single file to "test" unit tests
# python3 manage.py test unittests.tools.test_npm_audit_scan_parser.TestNpmAuditParser --keepdb -v 3
2 changes: 1 addition & 1 deletion docker/entrypoint-unit-tests.sh
Expand Up @@ -79,4 +79,4 @@ python3 manage.py migrate

echo "Unit Tests"
echo "------------------------------------------------------------"
python3 manage.py test unittests -v 3 --keepdb --no-input
python3 manage.py test unittests -v 3 --keepdb --no-input --shuffle
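Review bot: Adding `--shuffle` without a seed makes a failing run hard to reproduce: Django prints the chosen seed once at the start of the test output, and the CI log step in this release keeps only `--tail="2500"` of the uwsgi output, so the seed can be cut off exactly when it is needed. Let the seed be injected from the environment so a failing order can be replayed, e.g. `python3 manage.py test unittests -v 3 --keepdb --no-input --shuffle ${DD_TEST_SHUFFLE_SEED:-}` (the unquoted empty expansion disappears, so the default remains a random seed), and note above it `# --shuffle surfaces order-dependent tests; set DD_TEST_SHUFFLE_SEED to replay a failing order`. The rest of the script is outside the hunk.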
1 change: 1 addition & 0 deletions docker/install_chrome_dependencies.py
@@ -1,3 +1,4 @@
# noqa: INP001
"""
This solution is largely based on the Playwright's browser dependencies script at
https://github.com/microsoft/playwright/blob/main/utils/linux-browser-dependencies/inside_docker/list_dependencies.js
7 changes: 7 additions & 0 deletions docs/content/en/getting_started/upgrading/2.36.md
@@ -0,0 +1,7 @@
---
title: 'Upgrading to DefectDojo Version 2.36.x'
toc_hide: true
weight: -20240603
description: No special instructions.
---
There are no special instructions for upgrading to 2.36.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.36.0) for the contents of the release.
@@ -0,0 +1,8 @@
---
title: "Deepfence Threatmapper"
toc_hide: true
---
Import compliance, malware, secret, vulnerability reports from [Deepfence Threatmapper](https://github.com/deepfence/ThreatMapper) in XLSX file format.

### Sample Scan Data
Sample Threatmapper scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/deepfence_threatmapper). In this link are both .xlsx and .csv listed. They contain the same content, but csv can be read in the Browser, but only xlsx is supported by the parser.
2 changes: 1 addition & 1 deletion dojo/__init__.py
Expand Up @@ -4,6 +4,6 @@
# Django starts so that shared_task will use this app.
from .celery import app as celery_app # noqa: F401

__version__ = '2.35.4'
__version__ = '2.36.0'
__url__ = 'https://github.com/DefectDojo/django-DefectDojo'
__docs__ = 'https://documentation.defectdojo.com'
2 changes: 2 additions & 0 deletions dojo/api_v2/serializers.py
Expand Up @@ -559,6 +559,8 @@ def validate(self, data):


class UserContactInfoSerializer(serializers.ModelSerializer):
user_profile = UserSerializer(many=False, source="user", read_only=True)

class Meta:
model = UserContactInfo
fields = "__all__"
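Review bot: Nesting `UserSerializer` as `user_profile` in `UserContactInfoSerializer` widens what a contact-info read returns to everything `UserSerializer` exposes, and `fields = "__all__"` leaves the contact-info fields themselves unrestricted; `UserSerializer`'s field list and this endpoint's permission class are outside the hunk, so confirm it excludes credential and privilege data (password hash, `is_superuser`, API tokens) and that contact info is not readable by users who cannot read user objects directly. If only a link to the owner is needed, a minimal nested serializer limited to `id` and `username` is safer than reusing the full one; at minimum document the coupling, e.g. `# Exposes the owning user's profile; review whenever UserSerializer's fields change`. The class body continues outside the hunk.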
2 changes: 1 addition & 1 deletion dojo/api_v2/views.py
Expand Up @@ -2967,7 +2967,7 @@ def report_generate(request, obj, options):
report_name = "Finding"

else:
raise Http404()
raise Http404

result = {
"product_type": product_type,
6 changes: 3 additions & 3 deletions dojo/authorization/authorization.py
Expand Up @@ -243,17 +243,17 @@ def user_has_global_permission(user, permission):

def user_has_configuration_permission_or_403(user, permission):
if not user_has_configuration_permission(user, permission):
raise PermissionDenied()
raise PermissionDenied


def user_has_permission_or_403(user, obj, permission):
if not user_has_permission(user, obj, permission):
raise PermissionDenied()
raise PermissionDenied


def user_has_global_permission_or_403(user, permission):
if not user_has_global_permission(user, permission):
raise PermissionDenied()
raise PermissionDenied


def get_roles_for_permission(permission):
2 changes: 1 addition & 1 deletion dojo/decorators.py
Expand Up @@ -182,7 +182,7 @@ def _wrapped(request, *args, **kw):
dojo_user = Dojo_User.objects.filter(username=username).first()
if dojo_user:
Dojo_User.enable_force_password_reset(dojo_user)
raise Ratelimited()
raise Ratelimited
return fn(request, *args, **kw)
return _wrapped
return decorator
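Review bot: The branch ending in the new `raise Ratelimited` first looks up `Dojo_User` by the submitted `username` and calls `enable_force_password_reset` on it, so an unauthenticated client who trips the limiter with someone else's username forces a password reset on that account — an account-lockout vector that is presumably an accepted credential-stuffing defence, gated by a condition evaluated earlier in `_wrapped` outside the hunk. Make that trade-off explicit with a comment above the lookup, e.g. `# Deliberate: rate-limited attempts against a username force that account into password reset; this can be abused to lock out a targeted user, so keep it behind the lockout setting`, trimmed to match the actual gate. The decorator's entry conditions start above the hunk.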
8 changes: 4 additions & 4 deletions dojo/engagement/views.py
Expand Up @@ -114,7 +114,7 @@
def engagement_calendar(request):

if not get_system_setting('enable_calendar'):
raise Resolver404()
raise Resolver404

if 'lead' not in request.GET or '0' in request.GET.getlist('lead'):
engagements = get_authorized_engagements(Permissions.Engagement_View)
Expand Down Expand Up @@ -1205,7 +1205,7 @@ def add_risk_acceptance(request, eid, fid=None):
finding = get_object_or_404(Finding, id=fid)

if not eng.product.enable_full_risk_acceptance:
raise PermissionDenied()
raise PermissionDenied

if request.method == 'POST':
form = RiskAcceptanceForm(request.POST, request.FILES)
Expand Down Expand Up @@ -1283,7 +1283,7 @@ def view_edit_risk_acceptance(request, eid, raid, edit_mode=False):
eng = get_object_or_404(Engagement, pk=eid)

if edit_mode and not eng.product.enable_full_risk_acceptance:
raise PermissionDenied()
raise PermissionDenied

risk_acceptance_form = None
errors = False
Expand Down Expand Up @@ -1455,7 +1455,7 @@ def reinstate_risk_acceptance(request, eid, raid):
eng = get_object_or_404(Engagement, pk=eid)

if not eng.product.enable_full_risk_acceptance:
raise PermissionDenied()
raise PermissionDenied

ra_helper.reinstate(risk_acceptance, risk_acceptance.expiration_date)

12 changes: 6 additions & 6 deletions dojo/finding/views.py
Expand Up @@ -1212,7 +1212,7 @@ def post(self, request: HttpRequest, finding_id):
# Handle the case of a successful form
if success:
return redirect_to_return_url_or_else(request, reverse("view_test", args=(finding.test.id,)))
raise PermissionDenied()
raise PermissionDenied


@user_is_authorized(Finding, Permissions.Finding_Edit, "fid")
Expand Down Expand Up @@ -1500,7 +1500,7 @@ def apply_template_cwe(request, fid):
extra_tags="alert-danger",
)
else:
raise PermissionDenied()
raise PermissionDenied


@user_is_authorized(Finding, Permissions.Finding_Edit, "fid")
Expand Down Expand Up @@ -1614,7 +1614,7 @@ def simple_risk_accept(request, fid):
finding = get_object_or_404(Finding, id=fid)

if not finding.test.engagement.product.enable_simple_risk_acceptance:
raise PermissionDenied()
raise PermissionDenied

ra_helper.simple_risk_accept(finding)

Expand Down Expand Up @@ -1741,7 +1741,7 @@ def clear_finding_review(request, fid):
# the review or one of the users requested to provide the review, then
# do not allow the user to clear the review.
if user != finding.review_requested_by and user not in finding.reviewers.all():
raise PermissionDenied()
raise PermissionDenied

# in order to clear a review for a finding, we need to capture why and how it was reviewed
# we can do this with a Note
Expand Down Expand Up @@ -2058,7 +2058,7 @@ def delete_stub_finding(request, fid):
extra_tags="alert-danger",
)
else:
raise PermissionDenied()
raise PermissionDenied


@user_is_authorized(Stub_Finding, Permissions.Finding_Edit, "fid")
Expand Down Expand Up @@ -2442,7 +2442,7 @@ def delete_template(request, tid):
extra_tags="alert-danger",
)
else:
raise PermissionDenied()
raise PermissionDenied


def download_finding_pic(request, token):
Empty file added dojo/importers/__init__.py
Empty file.
8 changes: 7 additions & 1 deletion dojo/jira_link/helper.py
Expand Up @@ -618,7 +618,13 @@ def jira_environment(obj):
if isinstance(obj, Finding):
return "\n".join([str(endpoint) for endpoint in obj.endpoints.all()])
elif isinstance(obj, Finding_Group):
return "\n".join([jira_environment(finding) for finding in obj.findings.all()])
envs = [
jira_environment(finding)
for finding in obj.findings.all()
]

jira_environments = [env for env in envs if env]
return "\n".join(jira_environments)
else:
return ''

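Review bot: The `Finding_Group` branch now skips findings whose `jira_environment` is empty, but each per-finding value is itself a newline-joined endpoint list (see the `Finding` branch above), so endpoints shared by several findings in the group are still emitted once per finding; if grouped findings commonly share endpoints (likely, though not shown here) the Jira environment field fills with duplicates. Flatten and deduplicate while preserving order, which also handles the empty strings without a separate filter: `envs = (jira_environment(finding) for finding in obj.findings.all())` followed by `return "\n".join(dict.fromkeys(line for env in envs for line in env.splitlines()))`. The remaining branch and the function's callers are outside the hunk.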