From ac6869113c83226f4f47d62b5fed7ff9c4a4f84f Mon Sep 17 00:00:00 2001 From: DefectDojo release bot Date: Mon, 2 Oct 2023 15:53:00 +0000 Subject: [PATCH 1/8] Update versions in application files --- components/package.json | 2 +- dojo/__init__.py | 2 +- helm/defectdojo/Chart.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/components/package.json b/components/package.json index 9786d4d713..f1ee3fdae0 100644 --- a/components/package.json +++ b/components/package.json @@ -1,6 +1,6 @@ { "name": "defectdojo", - "version": "2.27.0", + "version": "2.28.0-dev", "license" : "BSD-3-Clause", "private": true, "dependencies": { diff --git a/dojo/__init__.py b/dojo/__init__.py index 23b7a3590c..e7576a482e 100644 --- a/dojo/__init__.py +++ b/dojo/__init__.py @@ -4,6 +4,6 @@ # Django starts so that shared_task will use this app. from .celery import app as celery_app # noqa -__version__ = '2.27.0' +__version__ = '2.28.0-dev' __url__ = 'https://github.com/DefectDojo/django-DefectDojo' __docs__ = 'https://documentation.defectdojo.com' diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index d9a7cece46..fbaead105b 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "2.27.0" +appVersion: "2.28.0-dev" description: A Helm chart for Kubernetes to install DefectDojo name: defectdojo -version: 1.6.89 +version: 1.6.90-dev icon: https://www.defectdojo.org/img/favicon.ico maintainers: - name: madchap From 13063756f26d3fe1d6e63a230f3f2bfb33ebdbef Mon Sep 17 00:00:00 2001 From: Tomas Kubla Date: Mon, 2 Oct 2023 22:55:13 +0200 Subject: [PATCH 2/8] release notes for 2.27.x --- docs/content/en/getting_started/upgrading.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/content/en/getting_started/upgrading.md b/docs/content/en/getting_started/upgrading.md index daeb9136c1..03ba899c8e 100644 --- a/docs/content/en/getting_started/upgrading.md 
+++ b/docs/content/en/getting_started/upgrading.md @@ -72,6 +72,10 @@ godojo installations If you have installed DefectDojo on "iron" and wish to upgrade the installation, please see the [instructions in the repo](https://github.com/DefectDojo/godojo/blob/master/docs-and-scripts/upgrading.md). +## Upgrading to DefectDojo Version 2.27.x. + +There are no special instruction for upgrading to 2.27.0. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.27.0) for the contents of the release. + ## Upgrading to DefectDojo Version 2.26.x. There are no special instruction for upgrading to 2.26.0. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.26.0) for the contents of the release. From 113413825f3ff291b0901d8b7a67cfeccd6df421 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Oct 2023 01:43:38 +0000 Subject: [PATCH 3/8] Bump urllib3 from 1.26.11 to 1.26.17 Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.11 to 1.26.17. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/1.26.11...1.26.17) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index d417acca13..3091e32bc2 100644 --- a/requirements.txt +++ b/requirements.txt @@ -45,7 +45,7 @@ redis==5.0.1 requests==2.31.0 sqlalchemy==2.0.21 # Required by Celery broker transport supervisor==4.2.5 -urllib3==1.26.11 +urllib3==1.26.17 uWSGI==2.0.22 vobject==0.9.6.1 whitenoise==5.2.0 From 0968c0ef607f41ade72017fc65e067d7534a2c90 Mon Sep 17 00:00:00 2001 
From: mowol Date: Wed, 4 Oct 2023 17:29:42 +0200 Subject: [PATCH 4/8] Check for empty cves array (#8779) --- dojo/tools/jfrog_xray_api_summary_artifact/parser.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dojo/tools/jfrog_xray_api_summary_artifact/parser.py b/dojo/tools/jfrog_xray_api_summary_artifact/parser.py index 6c81ad864c..f62d353229 100644 --- a/dojo/tools/jfrog_xray_api_summary_artifact/parser.py +++ b/dojo/tools/jfrog_xray_api_summary_artifact/parser.py @@ -139,7 +139,7 @@ def get_item( # Add vulnerability ids vulnerability_ids = list() - if "cve" in cves[0]: + if cves and "cve" in cves[0]: vulnerability_ids.append(cves[0]["cve"]) if "issue_id" in vulnerability: vulnerability_ids.append(vulnerability["issue_id"]) From e24eb64ca0886945f6d08dd768b6ae007f79a074 Mon Sep 17 00:00:00 2001 From: Felix Hernandez Date: Mon, 9 Oct 2023 17:06:03 -0600 Subject: [PATCH 5/8] Validate undefined and null value in criticality column table products (#8765) * validation in criticality render * styling changes --------- Co-authored-by: Felix Hernandez --- dojo/templates/dojo/product.html | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/dojo/templates/dojo/product.html b/dojo/templates/dojo/product.html index f440037d4c..e328557c87 100644 --- a/dojo/templates/dojo/product.html +++ b/dojo/templates/dojo/product.html @@ -350,8 +350,14 @@
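Review bot: The new guard `if cves and "cve" in cves[0]:` avoids the IndexError on an empty list but still records only the first entry of `cves`, so a vulnerability that carries several CVEs loses every identifier after the first; if the Xray payload can list more than one id per vulnerability (not visible here), iterate instead: `for cve in cves:` / `if "cve" in cve:` / `vulnerability_ids.append(cve["cve"])`. The guard also silently covers `cves` being `None`, which deserves a comment such as `# cves may be missing or empty in the summary payload` so the next reader does not "simplify" it back to `len(cves)`. `get_item` starts before the hunk.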

'Very Low': 1, 'None': 0 }; - return type === 'sort' ? criticals[getDojoExportValueFromTag(data, 'i', 'data-content')] : - type === 'export' ? getDojoExportValueFromTag(data, 'i', 'data-content') : data; + if (type === 'sort') { + return criticals[getDojoExportValueFromTag(data, 'i', 'data-content')] + } else if (type === 'export') { + return getDojoExportValueFromTag(data, 'i', 'data-content') + } else if (data != undefined||data != null) { + return data + } + return "" }}, { "data": "metadata", render: function (data, type, row) { return type === 'export' ? getDojoExportValueFromTag(data, 'i', 'data-content') : data; From 6528595f8f838b1183a6db93b32960d8fd1a707c Mon Sep 17 00:00:00 2001 From: Cody Maffucci <46459665+Maffooch@users.noreply.github.com> Date: Tue, 10 Oct 2023 10:47:43 -0500 Subject: [PATCH 6/8] Add integration test fix to bugfix branch (clone of #8783) (#8812) * Add integration test fix to bugfix branch (clone of #8783) * Correct double extension.. --- Dockerfile.integration-tests-debian | 46 ++++++++++++-------- docker/entrypoint-integration-tests.sh | 1 + docker/install_chrome_dependencies.py | 60 ++++++++++++++++++++++++++ 3 files changed, 90 insertions(+), 17 deletions(-) create mode 100644 docker/install_chrome_dependencies.py diff --git a/Dockerfile.integration-tests-debian b/Dockerfile.integration-tests-debian index 6b2e7e97a6..6df200d628 100644 --- a/Dockerfile.integration-tests-debian +++ b/Dockerfile.integration-tests-debian 
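Review bot: The new branch `} else if (data != undefined||data != null) {` is written as if the two tests were different, but loose inequality against `null` already excludes both `null` and `undefined`, so the `||` adds nothing and misleads a reader into thinking two distinct conditions are checked; `} else if (data != null) {` states the intent exactly with identical behavior. The new `return` statements (`return data`, `return ""`) drop the semicolons the surrounding context lines use, which is a style inconsistency inside an inline script. The enclosing render function starts before the hunk.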
@@ -14,31 +14,43 @@ RUN \ gpg \ default-jre-headless \ jq \ + apt-file \ + libnss3 \ + xvfb \ && \ apt-get clean && \ - rm -rf /var/lib/apt/lists && \ true -# Installing Google Chrome browser +RUN pip install --no-cache-dir selenium==4.9.0 requests + +# Install the latest Google Chrome stable release +WORKDIR /opt/chrome RUN \ - curl -sS -o - https://dl.google.com/linux/linux_signing_key.pub | apt-key add && \ - echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list && \ - apt-get -y update && \ - apt-get -y install \ - google-chrome-stable=117.0.5938.132-1 \ - && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists && \ - true + chrome_url=$(curl https://googlechromelabs.github.io/chrome-for-testing/last-known-good-versions-with-downloads.json | jq -r '.channels[] | select(.channel == "Stable") | .downloads.chrome[] | select(.platform == "linux64").url') && \ + wget $chrome_url && \ + unzip chrome-linux64.zip && \ + rm -rf chrome-linux64.zip && \ + chmod -R 0755 . 
&& \ + ln -s /opt/chrome/chrome-linux64/chrome /usr/bin/chrome -RUN pip install --no-cache-dir selenium==4.9.0 requests +# Install the dependencies for Google Chrome +RUN apt-file update +COPY docker/install_chrome_dependencies.py install_chrome_dependencies.py +RUN \ + missing_chrome_deps=$(python install_chrome_dependencies.py) && \ + apt-get -y install $missing_chrome_deps + +# Install a suggested list of additional packages (https://stackoverflow.com/a/76734752) +RUN apt-get install -y libxi6 libgconf-2-4 jq libjq1 libonig5 libxkbcommon0 libxss1 libglib2.0-0 libnss3 \ + libfontconfig1 libatk-bridge2.0-0 libatspi2.0-0 libgtk-3-0 libpango-1.0-0 libgdk-pixbuf2.0-0 libxcomposite1 \ + libxcursor1 libxdamage1 libxtst6 libappindicator3-1 libasound2 libatk1.0-0 libc6 libcairo2 libcups2 libxfixes3 \ + libdbus-1-3 libexpat1 libgcc1 libnspr4 libgbm1 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxext6 \ + libxrandr2 libxrender1 gconf-service ca-certificates fonts-liberation libappindicator1 lsb-release xdg-utils -# Installing Chromedriver +# Installing the latest stable Google Chrome driver release WORKDIR /opt/chrome-driver RUN \ - chrome_version=$(apt-cache show google-chrome-stable | grep Version | awk '{print $2}' | cut -d '-' -f 1) && \ - chrome_version_blob=$(curl -k https://googlechromelabs.github.io/chrome-for-testing/known-good-versions-with-downloads.json | jq ".versions[] | select(.version==\"$chrome_version\")") && \ - chromedriver_url=https://edgedl.me.gvt1.com/edgedl/chrome/chrome-for-testing/117.0.5938.92/linux64/chromedriver-linux64.zip && \ + chromedriver_url=$(curl https://googlechromelabs.github.io/chrome-for-testing/last-known-good-versions-with-downloads.json | jq -r '.channels[] | select(.channel == "Stable") | .downloads.chromedriver[] | select(.platform == "linux64").url') && \ wget $chromedriver_url && \ unzip -j chromedriver-linux64.zip chromedriver-linux64/chromedriver && \ rm -rf chromedriver-linux64.zip && \ 
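Review bot: The new Chrome install replaces a version-pinned, apt-signed package (`google-chrome-stable=117.0.5938.132-1` over the Google signing key) with an unpinned zip fetched from whatever `last-known-good-versions-with-downloads.json` reports as Stable, and nothing checks the archive before `unzip`, so the image is no longer reproducible and a truncated or tampered download is installed without any failure. Pin the version in the jq filter (`select(.version == "<PINNED_CHROME_VERSION>")` against `known-good-versions-with-downloads.json`, which the removed chromedriver line already consulted) and verify the archive with `echo "<EXPECTED_SHA256>  chrome-linux64.zip" | sha256sum -c -` before extracting. Both `curl` calls in the hunk run without `-fsSL`, so an HTTP error body would be piped into `jq` and turn into an empty `$chrome_url` / `$chromedriver_url` that `wget` then rejects with a confusing message; `curl -fsSL` makes the fetch itself fail. The RUN instructions continue past the end of the hunk.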
@@ -62,4 +74,4 @@ ENV \ DD_ADMIN_USER=admin \ DD_ADMIN_PASSWORD='' \ DD_BASE_URL="http://localhost:8080/" -CMD ["/entrypoint-integration-tests.sh"] +CMD ["/entrypoint-integration-tests.sh"] \ No newline at end of file diff --git a/docker/entrypoint-integration-tests.sh b/docker/entrypoint-integration-tests.sh index 3da46f9bc6..e76bcac998 100755 --- a/docker/entrypoint-integration-tests.sh +++ b/docker/entrypoint-integration-tests.sh @@ -23,6 +23,7 @@ if [ $COUNTER -gt 10 ]; then fi export CHROMEDRIVER=$(find /opt/chrome-driver -name chromedriver) +export CHROME_PATH=/opt/chrome/chrome # Run available unittests with a simple setup # All available Integrationtest Scripts are activated below diff --git a/docker/install_chrome_dependencies.py b/docker/install_chrome_dependencies.py new file mode 100644 index 0000000000..5f4f714a43 --- /dev/null +++ b/docker/install_chrome_dependencies.py 
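Review bot: `export CHROME_PATH=/opt/chrome/chrome` points at a path the Dockerfile in this patch does not create: the archive is unpacked under `/opt/chrome` and the binary is linked as `/opt/chrome/chrome-linux64/chrome` → `/usr/bin/chrome`, so unless the zip also lays out `/opt/chrome/chrome` (not visible here) the variable names a file that does not exist. The new `docker/install_chrome_dependencies.py` hardcodes the same `/opt/chrome/chrome` for its `ldd` call, where a missing file yields an empty dependency list and an `apt-get -y install` with no packages, so the dependency step would silently do nothing. Either use `export CHROME_PATH=/usr/bin/chrome` (and the same path in the script), or add the symlink both consumers expect, `ln -s /opt/chrome/chrome-linux64/chrome /opt/chrome/chrome`, next to the existing one.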
@@ -0,0 +1,60 @@
+"""
+This solution is largely based on the Playwright's browser dependencies script at
+https://github.com/microsoft/playwright/blob/main/utils/linux-browser-dependencies/inside_docker/list_dependencies.js
+"""
+
+import subprocess
+
+
+def find_packages(library_name):
+ stdout = run_command(["apt-file", "search", library_name])
+ if not stdout.strip():
+ return []
+ libs = [line.split(":")[0] for line in stdout.strip().split("\n")]
+ return list(set(libs))
+
+
+def run_command(cmd, cwd=None, env=None):
+ result = subprocess.run(cmd, cwd=cwd, env=env, capture_output=True, text=True)
+ return result.stdout
+
+
+def ldd(file_path):
+ stdout = run_command(["ldd", file_path])
+ # For simplicity, I'm assuming if we get an error, the code is non-zero.
+ try:
+ result = subprocess.run(
+ ["ldd", file_path], capture_output=True, text=True
+ )
+ stdout = result.stdout
+ code = result.returncode
+ except subprocess.CalledProcessError:
+ stdout = ""
+ code = 1
+ return stdout, code
+
+
+raw_deps = ldd("/opt/chrome/chrome")
+dependencies = raw_deps[0].splitlines()
+
+missing_deps = {
+ r[0].strip()
+ for d in dependencies
+ for r in [d.split("=>")]
+ if len(r) == 2 and r[1].strip() == "not found"
+}
+
+missing_packages = []
+for d in missing_deps:
+ all_packages = find_packages(d)
+ packages = [
+ p
+ for p in all_packages
+ if not any(
+ p.endswith(suffix) for suffix in ["-dbg", "-test", "tests", "-dev", "-mesa"]
+ )
+ ]
+ for p in packages:
+ missing_packages.append(p)
+
+print(" ".join(missing_packages))
From ea727d73d169569c209cff34099aac54bfd461db Mon Sep 17 00:00:00 2001
From: DefectDojo release bot
Date: Tue, 10 Oct 2023 15:49:26 +0000
Subject: [PATCH 7/8] Update versions in application files
---
 components/package.json | 2 +-
 dojo/__init__.py | 2 +-
 helm/defectdojo/Chart.yaml | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/components/package.json b/components/package.json
index f1ee3fdae0..d907b92121 100644
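Review bot: `ldd()` runs the `ldd` command twice — once through `run_command`, whose result is immediately overwritten — and its `except subprocess.CalledProcessError` branch can never fire because `subprocess.run` is not called with `check=True`; the only exception that call can raise is `OSError` when `ldd` itself is absent, which is not caught. The caller then discards the return code (`raw_deps[0]`), so a failed `ldd` (for example a wrong binary path) produces an empty `missing_deps`, an empty print, and an `apt-get install` that installs nothing, with no trace in the build log; since `ldd`'s exit status for unresolved libraries is not something to rely on, the robust guard is on empty output rather than on the code. `apt-file search` matches the library name as a substring of any path, so a short name can pull in unrelated packages; whether the suffix filter is enough is not established here and deserves a comment at the filter. Rewritten `ldd` and caller below; `find_packages` and `run_command` are unchanged.
```python
def ldd(file_path):
    """Return (stdout, returncode) of ``ldd file_path``.

    A missing or non-dynamic binary surfaces as empty output and a
    non-zero return code; an absent ``ldd`` executable raises OSError
    from subprocess.run, which is a genuine build error.
    """
    result = subprocess.run(["ldd", file_path], capture_output=True, text=True)
    return result.stdout, result.returncode


# … unchanged: find_packages / run_command …

raw_deps, code = ldd("/opt/chrome/chrome")
if not raw_deps.strip():
    # An empty list would make the apt-get step a silent no-op; fail the build instead.
    raise SystemExit(
        f"ldd produced no output for /opt/chrome/chrome (exit code {code}); "
        "refusing to emit an empty dependency list"
    )
dependencies = raw_deps.splitlines()

# … unchanged: missing_deps / missing_packages / print …
```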
--- a/components/package.json +++ b/components/package.json @@ -1,6 +1,6 @@ { "name": "defectdojo", - "version": "2.28.0-dev", + "version": "2.27.1", "license" : "BSD-3-Clause", "private": true, "dependencies": { diff --git a/dojo/__init__.py b/dojo/__init__.py index e7576a482e..b87c0d4351 100644 --- a/dojo/__init__.py +++ b/dojo/__init__.py @@ -4,6 +4,6 @@ # Django starts so that shared_task will use this app. from .celery import app as celery_app # noqa -__version__ = '2.28.0-dev' +__version__ = '2.27.1' __url__ = 'https://github.com/DefectDojo/django-DefectDojo' __docs__ = 'https://documentation.defectdojo.com' diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index fbaead105b..a2c0682a79 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "2.28.0-dev" +appVersion: "2.27.1" description: A Helm chart for Kubernetes to install DefectDojo name: defectdojo -version: 1.6.90-dev +version: 1.6.90 icon: https://www.defectdojo.org/img/favicon.ico maintainers: - name: madchap From 1fec02c6bb3434e93c8bad2f13cc159db042ae5a Mon Sep 17 00:00:00 2001 From: DefectDojo release bot Date: Tue, 10 Oct 2023 17:56:17 +0000 Subject: [PATCH 8/8] Update versions in application files --- components/package.json | 2 +- dojo/__init__.py | 2 +- helm/defectdojo/Chart.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/components/package.json b/components/package.json index d907b92121..f1ee3fdae0 100644 --- a/components/package.json +++ b/components/package.json @@ -1,6 +1,6 @@ { "name": "defectdojo", - "version": "2.27.1", + "version": "2.28.0-dev", "license" : "BSD-3-Clause", "private": true, "dependencies": { diff --git a/dojo/__init__.py b/dojo/__init__.py index b87c0d4351..e7576a482e 100644 --- a/dojo/__init__.py +++ b/dojo/__init__.py 
@@ -4,6 +4,6 @@ # Django starts so that shared_task will use this app. from .celery import app as celery_app # noqa -__version__ = '2.27.1' +__version__ = '2.28.0-dev' __url__ = 'https://github.com/DefectDojo/django-DefectDojo' __docs__ = 'https://documentation.defectdojo.com' diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index a2c0682a79..f21874e6db 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "2.27.1" +appVersion: "2.28.0-dev" description: A Helm chart for Kubernetes to install DefectDojo name: defectdojo -version: 1.6.90 +version: 1.6.91-dev icon: https://www.defectdojo.org/img/favicon.ico maintainers: - name: madchap