Merge pull request #10951 from DefectDojo/release/2.38.3

Release: Merge release into master from: release/2.38.3

.github/ISSUE_TEMPLATE/bug_report.md

@@ -36,7 +36,7 @@ A clear and concise description of what you expected to happen.
  - DefectDojo version (see footer) or commit message: [use `git show -s --format="[%ci] %h: %s [%d]"`]
 
 **Logs** 
-Use `docker-compose logs` (or similar, depending on your deployment method) to get the logs and add the relevant sections here showing the error occurring (if applicable).
+Use `docker compose logs` (or similar, depending on your deployment method) to get the logs and add the relevant sections here showing the error occurring (if applicable).
 
 **Sample scan files**
 If applicable, add sample scan files to help reproduce your problem.

.github/ISSUE_TEMPLATE/support_request.md

@@ -36,7 +36,7 @@ A clear and concise description of what you expected to happen.
  - DefectDojo version (see footer) or commit message: [use `git show -s --format="[%ci] %h: %s [%d]"`]
 
 **Logs** 
-Use `docker-compose logs` (or similar, depending on your deployment method) to get the logs and add the relevant sections here showing the error occurring (if applicable).
+Use `docker compose logs` (or similar, depending on your deployment method) to get the logs and add the relevant sections here showing the error occurring (if applicable).
 
 **Sample scan files**
 If applicable, add sample scan files to help reproduce your problem.

.github/workflows/build-docker-images-for-testing.yml

@@ -45,9 +45,7 @@ jobs:
           tags: defectdojo/defectdojo-${{ matrix.docker-image }}:${{ matrix.os }}
           file: Dockerfile.${{ matrix.docker-image }}-${{ matrix.os }}
           outputs: type=docker,dest=${{ matrix.docker-image }}-${{ matrix.os }}_img
-          cache-from: type=gha,scope=${{ matrix.docker-image }}
-          cache-to: type=gha,mode=max,scope=${{ matrix.docker-image }}
-
+
       # export docker images to be used in next jobs below
       - name: Upload image ${{ matrix.docker-image }} as artifact
         timeout-minutes: 10

.github/workflows/release-3-master-into-dev.yml

@@ -50,11 +50,15 @@ jobs:
           CURRENT_CHART_VERSION=$(grep -oP 'version: (\K\S*)?' helm/defectdojo/Chart.yaml | head -1)
           sed -ri "0,/version/s/version: \S+/$(echo "version: $CURRENT_CHART_VERSION" | awk -F. -v OFS=. 'NF==1{print ++$NF}; NF>1{$NF=sprintf("%0*d", length($NF), ($NF+1)); print}')-dev/" helm/defectdojo/Chart.yaml
       
+      - name: Update settings SHA
+        run: sha256sum dojo/settings/settings.dist.py | cut -d ' ' -f1 > dojo/settings/.settings.dist.py.sha256sum
+
       - name: Check numbers
         run: |
           grep version dojo/__init__.py
           grep appVersion helm/defectdojo/Chart.yaml
           grep version components/package.json
+          cat dojo/settings/.settings.dist.py.sha256sum
 
       - name: Create upgrade notes to documentation
         run: |
@@ -132,11 +136,15 @@ jobs:
           CURRENT_CHART_VERSION=$(grep -oP 'version: (\K\S*)?' helm/defectdojo/Chart.yaml | head -1)
           sed -ri "0,/version/s/version: \S+/$(echo "version: $CURRENT_CHART_VERSION" | awk -F. -v OFS=. 'NF==1{print ++$NF}; NF>1{$NF=sprintf("%0*d", length($NF), ($NF+1)); print}')-dev/" helm/defectdojo/Chart.yaml
       
+      - name: Update settings SHA
+        run: sha256sum dojo/settings/settings.dist.py | cut -d ' ' -f1 > dojo/settings/.settings.dist.py.sha256sum
+
       - name: Check numbers
         run: |
           grep version dojo/__init__.py
           grep appVersion helm/defectdojo/Chart.yaml
           grep version components/package.json
+          cat dojo/settings/.settings.dist.py.sha256sum
       
       - name: Push version changes
         uses: stefanzweifel/git-auto-commit-action@v5.0.1

.github/workflows/release-x-manual-docker-containers.yml

@@ -49,18 +49,6 @@ jobs:
         id: buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Cache Docker layers
-        uses: actions/cache@v4
-        env:
-          docker-image: ${{ matrix.docker-image }}
-        with:
-          path: /tmp/.buildx-cache-${{ env.docker-image }}
-          key: ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ matrix.os }}-${{ env.workflow_name }}-${{ github.sha }}-${{ github.run_id }}
-          restore-keys: |
-            ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ matrix.os }}-${{ env.workflow_name}}-${{ github.sha }}
-            ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ matrix.os }}-${{ env.workflow_name }}
-            ${{ runner.os }}-buildx-${{ env.docker-image }}-${{ matrix.os }}-
-
       - name: Build and push images with debian
         if: ${{ matrix.os  == 'debian' }}
         uses: docker/build-push-action@v6
@@ -73,8 +61,6 @@ jobs:
           tags: ${{ env.REPO_ORG }}/defectdojo-${{ env.docker-image}}:${{ github.event.inputs.release_number }}-${{ matrix.os }}, ${{ env.REPO_ORG }}/defectdojo-${{ env.docker-image}}:${{ github.event.inputs.release_number }}, ${{ env.REPO_ORG }}/defectdojo-${{ env.docker-image}}:latest
           file: ./Dockerfile.${{ env.docker-image }}-${{ matrix.os }}
           context: .
-          cache-from: type=local,src=/tmp/.buildx-cache-${{ env.docker-image }}
-          cache-to: type=local,dest=/tmp/.buildx-cache-${{ env.docker-image }}
 
       - name: Build and push images with alpine
         if: ${{ matrix.os  == 'alpine' }}
@@ -88,9 +74,3 @@ jobs:
           tags: ${{ env.REPO_ORG }}/defectdojo-${{ env.docker-image}}:${{ github.event.inputs.release_number }}-${{ matrix.os }}
           file: ./Dockerfile.${{ env.docker-image }}-${{ matrix.os }}
           context: .
-          cache-from: type=local,src=/tmp/.buildx-cache-${{ env.docker-image }}
-          cache-to: type=local,dest=/tmp/.buildx-cache-${{ env.docker-image }}
-#           platforms: ${{ matrix.platform }}
-
-      - name: Image digest
-        run: echo ${{ steps.docker_build.outputs.digest }}

components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.38.2",
+  "version": "2.38.3",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

docker/docker-compose-check.sh

@@ -6,11 +6,11 @@ current=$(docker compose  version  --short)
 
 echo 'Checking docker compose version'
 if [[ $main -lt 2 ]]; then
-  echo "$current is not a supported docker-compose version, please upgrade to the minimum supported version: 2.0"
+  echo "$current is not a supported 'docker compose' version, please upgrade to the minimum supported version: 2.0"
   exit 1
 elif [[ $main -eq 1 ]]; then
   if [[ $minor -lt 28 ]]; then
-    echo "$current is not supported docker-compose version, please upgrade to minimal supported version:1.28"
+    echo "$current is not supported 'docker compose' version, please upgrade to minimal supported version:1.28"
     exit 1
   fi
 fi

docker/extra_settings/README.md

@@ -6,7 +6,7 @@ If a file if placed here, it will be copied on startup to `dojo/settings/local_s
 For an example, see [template-local_settings](../../dojo/settings/template-local_settings)
 
 Please note this copy action could fail if you have mounted the full `dojo/` folder, but that is owned by a different user/group.
-That's why this copy action only happens in docker-compose release mode, and not in dev/debug/unit_tests/integration_tests modes.
+That's why this copy action only happens in docker compose release mode, and not in dev/debug/unit_tests/integration_tests modes.
 
 For advanced usage you can also place a `settings.dist.py` or `settings.py` file. These will also be copied on startup to dojo/settings.
 

docs/content/en/contributing/how-to-write-a-parser.md

@@ -15,7 +15,7 @@ All commands assume that you're located at the root of the django-DefectDojo clo
 - Checkout `dev` and make sure you're up to date with the latest changes.
 - It's advised that you create a dedicated branch for your development, such as `git checkout -b parser-name`.
 
-It is easiest to use the docker-compose deployment as it has hot-reload capbility for uWSGI.
+It is easiest to use the docker compose deployment as it has hot-reload capbility for uWSGI.
 Set up your environment to use the debug environment:
 
 `$ docker/setEnv.sh debug`
@@ -27,7 +27,7 @@ Please have a look at [DOCKER.md](https://github.com/DefectDojo/django-DefectDoj
 You will want to build your docker images locally, and eventually pass in your local user's `uid` to be able to write to the image (handy for database migration files). Assuming your user's `uid` is `1000`, then:
 
 {{< highlight bash >}}
-$ docker-compose build --build-arg uid=1000
+$ docker compose build --build-arg uid=1000
 {{< /highlight >}}
 
 ## Which files do you need to modify?
@@ -279,7 +279,7 @@ This ensures the file is closed at the end of the with statement, even if an exc
 
 ### Test database
 
-To test your unit tests locally, you first need to grant some rights. Get your MySQL root password from the docker-compose logs, login as root and issue the following commands:
+To test your unit tests locally, you first need to grant some rights. Get your MySQL root password from the docker compose logs, login as root and issue the following commands:
 
 {{< highlight mysql >}}
 MYSQL> grant all privileges on test_defectdojo.* to defectdojo@'%';
@@ -291,17 +291,17 @@ MYSQL> flush privileges;
 This local command will launch the unit test for your new parser
 
 {{< highlight bash >}}
-$ docker-compose exec uwsgi bash -c 'python manage.py test unittests.tools.<your_unittest_py_file>.<main_class_name> -v2'
+$ docker compose exec uwsgi bash -c 'python manage.py test unittests.tools.<your_unittest_py_file>.<main_class_name> -v2'
 {{< /highlight >}}
 
 Example for the blackduck hub parser:
 
 {{< highlight bash >}}
-$ docker-compose exec uwsgi bash -c 'python manage.py test unittests.tools.test_blackduck_csv_parser.TestBlackduckHubParser -v2'
+$ docker compose exec uwsgi bash -c 'python manage.py test unittests.tools.test_blackduck_csv_parser.TestBlackduckHubParser -v2'
 {{< /highlight >}}
 
 {{% alert title="Information" color="info" %}}
-If you want to run all unit tests, simply run `$ docker-compose exec uwsgi bash -c 'python manage.py test unittests -v2'`
+If you want to run all unit tests, simply run `$ docker compose exec uwsgi bash -c 'python manage.py test unittests -v2'`
 {{% /alert %}}
 
 ### Endpoint validation
@@ -330,7 +330,7 @@ In the event where you'd have to change the model, e.g. to increase a database c
 * Create a new migration file in dojo/db_migrations by running and including as part of your PR
 
     {{< highlight bash >}}
-    $ docker-compose exec uwsgi bash -c 'python manage.py makemigrations -v2'
+    $ docker compose exec uwsgi bash -c 'python manage.py makemigrations -v2'
     {{< /highlight >}}
 
 ### Accept a different type of file to upload

docs/content/en/getting_started/running-in-production.md

@@ -5,7 +5,7 @@ draft: false
 weight: 4
 ---
 
-## Production use with docker-compose
+## Production use with docker compose
 
 The docker-compose.yml file in this repository is fully functional to evaluate DefectDojo in your local environment.
 
@@ -76,7 +76,7 @@ Dockerfile.django-* for in-file references.
 
 You can execute the following command to see the configuration:
 
-`docker-compose exec celerybeat bash -c "celery -A dojo inspect stats"`
+`docker compose exec celerybeat bash -c "celery -A dojo inspect stats"`
 and see what is in effect.
 
 #### Asynchronous Import

docs/content/en/getting_started/upgrading/2.23.md

@@ -16,6 +16,6 @@ There is a migration process built into the upgrade that will automatically conv
    - If your deployment uses the MySQL containerized database, please see the following updates to run DefectDojo:
      - Use of the helper script "dc-up": `./dc-up.sh mysql-rabbitmq` or `./dc-up.sh mysql-redis`
      - Use of the helper script "dc-up-d": `./dc-up-d.sh mysql-rabbitmq` or `./dc-up-d.sh mysql-redis`
-     - Use of Docker Compose directly: `docker-compose --profile mysql-rabbitmq --env-file ./docker/environments/mysql-rabbitmq.env up` or `docker-compose --profile mysql-redis --env-file ./docker/environments/mysql-redis.env up`
+     - Use of Docker Compose directly: `docker compose --profile mysql-rabbitmq --env-file ./docker/environments/mysql-rabbitmq.env up` or `docker compose --profile mysql-redis --env-file ./docker/environments/mysql-redis.env up`
 
 For all other changes, check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.23.0) for the contents of the release.

docs/content/en/getting_started/upgrading/2.30.md

@@ -10,7 +10,7 @@ There are instructions for upgrading to 2.30.0 if you disabled `enable_auditlog`
 
 Parameter `enable_auditlog` is not possible to set through System settings anymore. If you set this parameter or you need to change it to `False` (to disable audit logging), set environmental variable `DD_ENABLE_AUDITLOG` to `False`.
 
-If you are using docker-compose, another EnvVar should be added to the `docker-compose.yml` file in all the containers ran by the django image. This should do the trick
+If you are using docker compose, another EnvVar should be added to the `docker-compose.yml` file in all the containers ran by the django image. This should do the trick
 ```yaml
 DD_ENABLE_AUDITLOG: ${DD_ENABLE_AUDITLOG:-False}
 ```

docs/content/en/getting_started/upgrading/_index.md

@@ -5,9 +5,9 @@ draft: false
 weight: 5
 ---
 
-## Docker-compose
+## Docker compose
 
-When you deploy a vanilla docker-compose, it will create a persistent
+When you deploy a vanilla docker compose, it will create a persistent
 volume for your Postgres database. As long as your volume is there, you
 should not lose any data.
 
@@ -19,7 +19,7 @@ DockerHub to update.
 {{% /alert %}}
 
 
-The generic upgrade method for docker-compose are as follows:
+The generic upgrade method for docker compose are as follows:
 -   Pull the latest version
 
     ``` {.sourceCode .bash}
@@ -46,10 +46,10 @@ The generic upgrade method for docker-compose are as follows:
 -   Re-start DefectDojo, allowing for container recreation:
     `./dc-up-d.sh`
 -   Database migrations will be run automatically by the initializer.
-    Check the output via `docker-compose logs initializer` or relevant k8s command
+    Check the output via `docker compose logs initializer` or relevant k8s command
 -   If you have the initializer disabled (or if you want to be on the
     safe side), run the migration command:
-    `docker-compose exec uwsgi /bin/bash -c "python manage.py migrate"`
+    `docker compose exec uwsgi /bin/bash -c "python manage.py migrate"`
 
 ### Building your local images
 
@@ -64,7 +64,7 @@ first.
     git merge origin/master
     ```
 
-Then replace the first step of the above generic upgrade method for docker-compose with: `docker-compose build`
+Then replace the first step of the above generic upgrade method for docker compose with: `docker compose build`
 
 ## godojo installations
 

docs/content/en/integrations/jira.md

@@ -167,19 +167,19 @@ optional arguments:
 This can be executed from the uwsgi docker container using:
 
 {{< highlight bash >}}
-$ docker-compose exec uwsgi /bin/bash -c 'python manage.py jira_status_reconciliation'
+$ docker compose exec uwsgi /bin/bash -c 'python manage.py jira_status_reconciliation'
 {{< /highlight >}}
 
 DEBUG output can be obtains via `-v 3`, but only after increasing the logging to DEBUG level in your settings.dist.py or local_settings.py file
 
 {{< highlight bash >}}
-$ docker-compose exec uwsgi /bin/bash -c 'python manage.py jira_status_reconciliation -v 3'
+$ docker compose exec uwsgi /bin/bash -c 'python manage.py jira_status_reconciliation -v 3'
 {{< /highlight >}}
 
 At the end of the command a semicolon seperated CSV summary will be printed. This can be captured by redirecting stdout to a file:
 
 {{< highlight bash >}}
-$ docker-compose exec uwsgi /bin/bash -c 'python manage.py jira_status_reconciliation > jira_reconciliation.csv'
+$ docker compose exec uwsgi /bin/bash -c 'python manage.py jira_status_reconciliation > jira_reconciliation.csv'
 {{< /highlight >}}
 
 

docs/content/en/integrations/ldap-authentication.md

@@ -116,7 +116,7 @@ Read the docs for Django Authentication with LDAP here: https://django-auth-ldap
 
 #### docker-compose.yml
 
-In order to pass the variables to the settings.dist.py file via docker, it's a good idea to add these to the docker-compose file.
+In order to pass the variables to the settings.dist.py file via docker, it's a good idea to add these to the docker compose file.
 
 You can do this by adding the following variables to the environment section for the uwsgi image:
 ```yaml

docs/content/en/integrations/parsers/file/krakend_audit.md

@@ -0,0 +1,11 @@
+---
+title: "KrakenD Audit Scan"
+toc_hide: true
+---
+Import KrakenD Audit Scan results in JSON format. You can use the following command to audit the KrakenD configuration which then can be uploaded to DefectDojo: 
+```
+krakend audit -c krakend.json -f "{{ marshal . }}" >> recommendations.json
+```
+
+### Sample Scan Data
+Sample KrakenD Audit scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/krakend_audit).

docs/content/en/integrations/parsers/file/qualys_hacker_guardian.md

@@ -0,0 +1,9 @@
+---
+title: "Qualys Hacker Guardian Scan"
+toc_hide: true
+---
+Qualys Hacker Guardian CSV export
+
+### Sample Scan Data
+
+Sample Qualys Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/qualys_hacker_guardian).

docs/content/en/usage/features.md

@@ -357,22 +357,22 @@ to the hashcode configuration or calculation logic. We will mention this in the
 To regenerate the hashcodes, use the `dedupe` management command:
 
 {{< highlight bash >}}
-docker-compose exec uwsgi ./manage.py dedupe --hash_code_only
+docker compose exec uwsgi ./manage.py dedupe --hash_code_only
 {{< / highlight >}}
 
 This will only regenerated the hashcodes, but will not run any deduplication logic on existing findings.
 If you want to run deduplication again on existing findings to make sure any duplicates found by the new
 hashcode config are marked as such, run:
 
 {{< highlight bash >}}
-docker-compose exec uwsgi ./manage.py dedupe
+docker compose exec uwsgi ./manage.py dedupe
 {{< / highlight >}}
 
 The deduplication part of this command will run the deduplication for each finding in a celery task. If you want to
 run the deduplication in the foreground process, use:
 
 {{< highlight bash >}}
-docker-compose exec uwsgi ./manage.py dedupe --dedupe_sync
+docker compose exec uwsgi ./manage.py dedupe --dedupe_sync
 {{< / highlight >}}
 
 Please note the deduplication process is resource intensive and can take a long time to complete
@@ -502,10 +502,10 @@ You can of course change this default by modifying that stanza.
 ### Launching from the CLI
 
 You can also invoke the SLA notification function from the CLI. For
-example, if run from docker-compose:
+example, if run from docker compose:
 
 {{< highlight bash >}}
-$ docker-compose exec uwsgi /bin/bash -c 'python manage.py sla_notifications'
+$ docker compose exec uwsgi /bin/bash -c 'python manage.py sla_notifications'
 {{< / highlight >}}
 
 ## Reports

dojo/__init__.py

@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa: F401
 
-__version__ = "2.38.2"
+__version__ = "2.38.3"
 __url__ = "https://github.com/DefectDojo/django-DefectDojo"
 __docs__ = "https://documentation.defectdojo.com"

dojo/api_v2/prefetch/prefetcher.py

@@ -3,11 +3,17 @@
 
 from rest_framework.serializers import ModelSerializer
 
+from dojo.models import FileUpload
+
 from . import utils
 
 # Reduce the scope of search for serializers.
 SERIALIZER_DEFS_MODULE = "dojo.api_v2.serializers"
 
+preferred_serializers = {
+    FileUpload: "FileSerializer",
+}
+
 
 class _Prefetcher:
     @staticmethod
@@ -31,7 +37,11 @@ def _is_model_serializer(obj):
 
         for _, serializer in available_serializers:
             model = serializer.Meta.model
-            serializers[model] = serializer
+            if model in preferred_serializers:
+                if serializer.__name__ == preferred_serializers[model]:
+                    serializers[model] = serializer
+            else:
+                serializers[model] = serializer
         # We add object->None to have a more uniform processing later on
         serializers[object] = None