Merge pull request #8512 from DefectDojo/release/2.25.1
Release: Merge release into master from: release/2.25.1
Maffooch authored Aug 14, 2023
2 parents 1b8971a + 7718e3a commit b98093d
Showing 13 changed files with 972 additions and 6 deletions.
2 changes: 1 addition & 1 deletion components/package.json
@@ -1,6 +1,6 @@
{
"name": "defectdojo",
"version": "2.25.0",
"version": "2.25.1",
"license" : "BSD-3-Clause",
"private": true,
"dependencies": {
2 changes: 1 addition & 1 deletion dojo/__init__.py
@@ -4,6 +4,6 @@
# Django starts so that shared_task will use this app.
from .celery import app as celery_app # noqa

__version__ = '2.25.0'
__version__ = '2.25.1'
__url__ = 'https://github.com/DefectDojo/django-DefectDojo'
__docs__ = 'https://documentation.defectdojo.com'
4 changes: 3 additions & 1 deletion dojo/settings/settings.dist.py
@@ -770,9 +770,11 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param
'TITLE': 'Defect Dojo API v2',
'DESCRIPTION': 'Defect Dojo - Open Source vulnerability Management made easy. Prefetch related parameters/responses not yet in the schema.',
'VERSION': __version__,
'SCHEMA_PATH_PREFIX': "/api/v2",
# OTHER SETTINGS
# the following set to False could help some client generators
# 'ENUM_ADD_EXPLICIT_BLANK_NULL_CHOICE': False,
'PREPROCESSING_HOOKS': ['dojo.urls.drf_spectacular_preprocessing_filter_spec'],
'POSTPROCESSING_HOOKS': ['dojo.api_v2.prefetch.schema.prefetch_postprocessing_hook'],
# show file selection dialogue, see https://github.com/tfranzel/drf-spectacular/issues/455
"COMPONENT_SPLIT_REQUEST": True,
@@ -1418,7 +1420,7 @@ def saml2_attrib_map_format(dict):
'SARIF': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE,
'Azure Security Center Recommendations Scan': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL,
'Hadolint Dockerfile check': DEDUPE_ALGO_HASH_CODE,
'Semgrep JSON Report': DEDUPE_ALGO_HASH_CODE,
'Semgrep JSON Report': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE,
'Generic Findings Import': DEDUPE_ALGO_HASH_CODE,
'Trufflehog3 Scan': DEDUPE_ALGO_HASH_CODE,
'Detect-secrets Scan': DEDUPE_ALGO_HASH_CODE,
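Review bot: The `'Semgrep JSON Report'` entry in the second hunk changes which findings are treated as duplicates, and nothing at that line or in the commit description says so. The new value only has an effect because dojo/tools/semgrep/parser.py now fills `unique_id_from_tool` from `extra.fingerprint`; findings imported before this release have no such id, so they presumably keep matching on hash_code (inferred from the algorithm name, the implementation is not on this page). A comment such as `# Semgrep: match on extra.fingerprint when present, else hash_code` would record the dependency. The dictionary starts and ends outside the hunk.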
5 changes: 5 additions & 0 deletions dojo/tools/semgrep/parser.py
@@ -32,6 +32,11 @@ def get_findings(self, filename, test):
nb_occurences=1,
)

# fingerprint detection
unique_id_from_tool = item.get("extra", {}).get("fingerprint")
if unique_id_from_tool:
finding.unique_id_from_tool = unique_id_from_tool

# manage CWE
if "cwe" in item["extra"]["metadata"]:
if isinstance(item["extra"]["metadata"].get("cwe"), list):
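Review bot: The added block copies any truthy `extra.fingerprint` from the report into `finding.unique_id_from_tool` without checking that it is a string or that it is actually distinct per finding. Together with the settings change that makes Semgrep deduplicate on this field, a report that carries one constant value in every result (to my knowledge Semgrep writes the placeholder `requires login` when the CLI is not logged in; worth confirming) would mark unrelated findings as duplicates of each other and hide them from triage. Treating such placeholders as absent, e.g. `if isinstance(unique_id_from_tool, str) and unique_id_from_tool != "requires login":`, lets those reports fall back to hash_code. get_findings starts and ends outside this hunk.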
10 changes: 10 additions & 0 deletions dojo/urls.py
@@ -232,3 +232,13 @@
# sometimes urlpatterns needed be added from local_settings.py to avoid having to modify core defect dojo files
if hasattr(settings, 'EXTRA_URL_PATTERNS'):
urlpatterns += settings.EXTRA_URL_PATTERNS


# Remove any other endpoints that drf-spectacular is guessing should be in the swagger
def drf_spectacular_preprocessing_filter_spec(endpoints):
filtered = []
for (path, path_regex, method, callback) in endpoints:
# Remove all but DRF API endpoints
if path.startswith("/api/v2/"):
filtered.append((path, path_regex, method, callback))
return filtered
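Review bot: `drf_spectacular_preprocessing_filter_spec` has no docstring, and the comment above it does not make clear that it only trims the generated OpenAPI schema: the routes it drops are still served, so it is not an access control. Suggest `"""Keep only /api/v2/ endpoints in the generated schema; routing and permissions are unaffected."""`. The literal `"/api/v2/"` also repeats `SCHEMA_PATH_PREFIX` from dojo/settings/settings.dist.py, so if the application is mounted under a different path (not visible on this page) the schema would come out empty; deriving both from one setting avoids that. The loop itself could be a single comprehension, `return [e for e in endpoints if e[0].startswith("/api/v2/")]`.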
4 changes: 2 additions & 2 deletions helm/defectdojo/Chart.yaml
@@ -1,8 +1,8 @@
apiVersion: v2
appVersion: "2.25.0"
appVersion: "2.25.1"
description: A Helm chart for Kubernetes to install DefectDojo
name: defectdojo
version: 1.6.79
version: 1.6.80
icon: https://www.defectdojo.org/img/favicon.ico
maintainers:
- name: madchap
6 changes: 6 additions & 0 deletions helm/defectdojo/templates/django-service.yaml
@@ -9,6 +9,12 @@ metadata:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "defectdojo.chart" . }}
{{- if .Values.django.service.annotations }}
annotations:
{{- range $key, $value := .Values.django.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
selector:
defectdojo.org/component: django
2 changes: 2 additions & 0 deletions helm/defectdojo/values.yaml
@@ -187,6 +187,8 @@ celery:

django:
annotations: {}
service:
annotations: {}
affinity: {}
ingress:
enabled: true
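Review bot: The new `django.service.annotations` key has no comment, although it is the value that decides what ends up on the Django Service object in helm/defectdojo/templates/django-service.yaml. On many clusters Service annotations select load-balancer behaviour, including whether the service is exposed internally or externally, so operators should be told what the key is for. Suggest `# annotations added to the django Service (rendered as quoted strings)` above the new `annotations: {}` line.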
2 changes: 1 addition & 1 deletion requirements.txt
@@ -38,7 +38,7 @@ openpyxl==3.1.2
xlrd==1.2.0
Pillow==10.0.0 # required by django-imagekit
psycopg2-binary==2.9.6
cryptography==41.0.2
cryptography==41.0.3
python-dateutil==2.8.2
pytz==2023.3
redis==4.6.0
2 changes: 2 additions & 0 deletions tests/false_positive_history_test.py
@@ -73,6 +73,8 @@ def edit_toggle_false_positive(self, finding_url):
driver.find_element(By.LINK_TEXT, "Edit Finding").click()
# Click on Active checkbox
driver.find_element(By.ID, "id_active").click()
# Click on Verified checkbox
driver.find_element(By.ID, "id_verified").click()
# Click on False Positive checkbox
driver.find_element(By.ID, "id_false_p").click()
# Send