Merge pull request #9055 from DefectDojo/release/2.28.3

Release: Merge release into master from: release/2.28.3
DefectDojo · Nov 27, 2023 · 7912214 · 7912214
2 parents 19c4e74 + b3ae204
commit 7912214
Show file tree

Hide file tree

Showing 9 changed files with 717 additions and 17 deletions.
diff --git a/components/package.json b/components/package.json
@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.28.2",
+  "version": "2.28.3",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

diff --git a/dojo/__init__.py b/dojo/__init__.py
@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa
 
-__version__ = '2.28.2'
+__version__ = '2.28.3'
 __url__ = 'https://github.com/DefectDojo/django-DefectDojo'
 __docs__ = 'https://documentation.defectdojo.com'
diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py
@@ -6,6 +6,9 @@
 import environ
 from netaddr import IPNetwork, IPSet
 import json
+import logging
+
+logger = logging.getLogger(__name__)
 
 # See https://documentation.defectdojo.com/getting_started/configuration/ for options
 # how to tune the configuration to your needs.
@@ -1267,9 +1270,13 @@ def saml2_attrib_map_format(dict):
     env_hashcode_fields_per_scanner = json.loads(env('DD_HASHCODE_FIELDS_PER_SCANNER'))
     for key, value in env_hashcode_fields_per_scanner.items():
         if key in HASHCODE_FIELDS_PER_SCANNER:
-            print("Replacing {} with value {} from env var DD_HASHCODE_FIELDS_PER_SCANNER".format(key, value))
+            logger.info("Replacing {} with value {} (previously set to {}) from env var DD_HASHCODE_FIELDS_PER_SCANNER".format(key, value, HASHCODE_FIELDS_PER_SCANNER[key]))
+            HASHCODE_FIELDS_PER_SCANNER[key] = value
+        if key not in HASHCODE_FIELDS_PER_SCANNER:
+            logger.info("Adding {} with value {} from env var DD_HASHCODE_FIELDS_PER_SCANNER".format(key, value))
             HASHCODE_FIELDS_PER_SCANNER[key] = value
 
+
 # This tells if we should accept cwe=0 when computing hash_code with a configurable list of fields from HASHCODE_FIELDS_PER_SCANNER (this setting doesn't apply to legacy algorithm)
 # If False and cwe = 0, then the hash_code computation will fallback to legacy algorithm for the concerned finding
 # Default is True (if scanner is not configured here but is configured in HASHCODE_FIELDS_PER_SCANNER, it allows null cwe)
@@ -1464,7 +1471,10 @@ def saml2_attrib_map_format(dict):
     env_dedup_algorithm_per_parser = json.loads(env('DD_DEDUPLICATION_ALGORITHM_PER_PARSER'))
     for key, value in env_dedup_algorithm_per_parser.items():
         if key in DEDUPLICATION_ALGORITHM_PER_PARSER:
-            print("Replacing {} with value {} from env var DD_DEDUPLICATION_ALGORITHM_PER_PARSER".format(key, value))
+            logger.info("Replacing {} with value {} (previously set to {}) from env var DD_DEDUPLICATION_ALGORITHM_PER_PARSER".format(key, value, DEDUPLICATION_ALGORITHM_PER_PARSER[key]))
+            DEDUPLICATION_ALGORITHM_PER_PARSER[key] = value
+        if key not in DEDUPLICATION_ALGORITHM_PER_PARSER:
+            logger.info("Adding {} with value {} from env var DD_DEDUPLICATION_ALGORITHM_PER_PARSER".format(key, value))
             DEDUPLICATION_ALGORITHM_PER_PARSER[key] = value
 
 DUPE_DELETE_MAX_PER_RUN = env('DD_DUPE_DELETE_MAX_PER_RUN')

diff --git a/dojo/templates/dojo/view_finding.html b/dojo/templates/dojo/view_finding.html
@@ -271,6 +271,9 @@ <h3 class="pull-left finding-title">
                             <th>CWE</th>
                             <th>Vulnerability Id</th>
                         <th>Found by</th>
+                        {% if finding.vuln_id_from_tool %}
+                            <th>Vuln ID from tool</th>
+                        {% endif %}
                     {% endblock header_head %}
                 </tr>
                 <tr>
@@ -422,6 +425,9 @@ <h3 class="pull-left finding-title">
                             {{ scanner }}
                         {% endfor %}</td>
                         {% endwith %}
+                        {% if finding.vuln_id_from_tool %}
+                            <td>{{ finding.vuln_id_from_tool }}</td>
+                        {% endif %}
                     {% endblock header_body %}
                 </tr>
             </table>

diff --git a/dojo/templates/dojo/view_risk_acceptance.html b/dojo/templates/dojo/view_risk_acceptance.html
@@ -44,7 +44,7 @@ <h3 class="pull-left">
                 {% include "dojo/form_fields.html" with form=risk_acceptance_form %}
                 <div class="form-group">
                     <div class="col-sm-offset-2 col-sm-10">
-                        <input class="btn btn-primary" type="submit" value="Save"/>
+                        <input class="btn" type="submit" value="Save"/>
                     </div>
                 </div>
             </form>
@@ -222,8 +222,10 @@ <h3>Accept Additional Findings</h3>
                 <div class="panel-body">
                     {% include "dojo/paging_snippet.html" with page=add_findings prefix="apage" %}
                 </div>
-                <div class="panel-footer text-center">
-                    <input class="btn btn-primary" name="add_findings" type="submit" value="Add Selected Findings"/>
+                <div class="form-group">
+                    <div class="col-sm-offset-2 col-sm-10">
+                        <input class="btn" name="add_findings" type="submit" value="Add Selected Findings"/>
+                    </div>
                 </div>
             </form>
         </div>

diff --git a/dojo/tools/sonarqube/parser.py b/dojo/tools/sonarqube/parser.py
@@ -56,21 +56,22 @@ def get_items(self, tree, test, mode):
             rulesDic = dict()
             for rule in rules_table:
                 rule_properties = list(rule.iter("td"))
-                rule_name = list(rule_properties[0].iter("a"))[0].text
+                rule_name = list(rule_properties[0].iter("a"))[0].text.strip()
                 rule_details = list(rule_properties[1].iter("details"))[0]
                 rulesDic[rule_name] = rule_details
 
             for vuln in vulnerabilities_table:
                 vuln_properties = list(vuln.iter("td"))
-                vuln_rule_name = list(vuln_properties[0].iter("a"))[0].text
+                rule_key = list(vuln_properties[0].iter("a"))[0].text
+                vuln_rule_name = rule_key and rule_key.strip()
                 vuln_severity = self.convert_sonar_severity(
-                    vuln_properties[1].text
+                    vuln_properties[1].text and vuln_properties[1].text.strip()
                 )
-                vuln_file_path = vuln_properties[2].text
-                vuln_line = vuln_properties[3].text
-                vuln_title = vuln_properties[4].text
-                vuln_mitigation = vuln_properties[5].text
-                vuln_key = vuln_properties[6].text
+                vuln_file_path = vuln_properties[2].text and vuln_properties[2].text.strip()
+                vuln_line = vuln_properties[3].text and vuln_properties[3].text.strip()
+                vuln_title = vuln_properties[4].text and vuln_properties[4].text.strip()
+                vuln_mitigation = vuln_properties[5].text and vuln_properties[5].text.strip()
+                vuln_key = vuln_properties[6].text and vuln_properties[6].text.strip()
                 if vuln_title is None or vuln_mitigation is None:
                     raise ValueError(
                         "Parser ValueError: can't find a title or a mitigation for vulnerability of name "

diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: "2.28.2"
+appVersion: "2.28.3"
 description: A Helm chart for Kubernetes to install DefectDojo
 name: defectdojo
-version: 1.6.96
+version: 1.6.97
 icon: https://www.defectdojo.org/img/favicon.ico
 maintainers:
   - name: madchap