Merge pull request #10677 from DefectDojo/bugfix
Bugfix -> Dev for 2.37.0
Maffooch authored Aug 5, 2024
2 parents e2f4445 + 3fd43db commit 3a25728
Showing 10 changed files with 116 additions and 52 deletions.
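--- a/dojo/filters.py
+++ b/dojo/filters.py
@@ -2886,6 +2886,17 @@ class ReportFindingFilterHelper(FilterSet):
 outside_of_sla = FindingSLAFilter(label="Outside of SLA")
 file_path = CharFilter(lookup_expr="icontains")
 
+o = OrderingFilter(
+fields=(
+("title", "title"),
+("date", "date"),
+("numerical_severity", "numerical_severity"),
+("epss_score", "epss_score"),
+("epss_percentile", "epss_percentile"),
+("test__engagement__product__name", "test__engagement__product__name"),
+),
+)
+
 class Meta:
 model = Finding
 # exclude sonarqube issue as by default it will show all without checking permissions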
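--- a/dojo/reports/views.py
+++ b/dojo/reports/views.py
@@ -175,7 +175,7 @@ def report_findings(request):
 title_words = get_words_for_field(Finding, "title")
 component_words = get_words_for_field(Finding, "component_name")
 
-paged_findings = get_page_items(request, findings.qs.distinct().order_by("numerical_severity"), 25)
+paged_findings = get_page_items(request, findings.qs.distinct(), 25)
 
 return render(request,
 "dojo/report_findings.html",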
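Review bot: Dropping the fixed `.order_by("numerical_severity")` leaves the queryset unordered whenever the request carries no `o` parameter, because the new `OrderingFilter` in dojo/filters.py only applies an ordering when one is supplied; paginating an unordered queryset gives unstable page contents across requests unless the Finding model declares a default `Meta.ordering`, which is not visible here. A fallback keeps the old default while still letting the filter's ordering win: `qs = findings.qs.distinct()`, `if not request.GET.get("o"): qs = qs.order_by("numerical_severity")`, `paged_findings = get_page_items(request, qs, 25)`. The body of `report_findings` starts and ends outside the hunk.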
75 changes: 48 additions & 27 deletions dojo/templates/dojo/report_builder.html
Expand Up @@ -272,52 +272,73 @@ <h4>Available Widgets</h4>
.selectpicker('render');
}

$(document).on('submit', 'form.finding-list', function (event) {
var form = this;
$.get("{% url 'report_findings' %}?" + $(this).serialize()).done(function (data) {
// Retrieves (report) data at the given url and inserts it as HTMl into $targetEl, and configures filters
// on the returned data.
function retrieveReportData(url, $targetEl) {
$.get(url).done(function (data) {
filterFieldInit(
$(form).closest('li.finding-list').html(data)
$targetEl.html(data)
);
setUpFindingFilters();
});
}

// --------
// Findings
// --------

// "Apply Filters"
$(document).on('submit', 'form.finding-list', function (event) {
const $form = $(this);
event.preventDefault();
retrieveReportData(
"{% url 'report_findings' %}?" + $form.serialize(),
$form.closest('li.finding-list')
);
});

$(document).on('click', 'form.finding-list a.clear.centered, div.finding-pagination a', function (event) {
$.get("{% url 'report_findings' %}").done(function (data) {
filterFieldInit(
$('div.in-use-widgets li.finding-list').html(data)
);
setUpFindingFilters();
});
// "Clear filters"
$(document).on('click', 'form.finding-list a.clear.centered', function (event) {
const $a = $(this);
event.preventDefault();
retrieveReportData("{% url 'report_findings' %}", $a.closest('li.finding-list'));
});

// Sort/order columns and Pagination
$(document).on('click', 'li.finding-list th a, div.finding-pagination a', function (event) {
const $a = $(this);
event.preventDefault();
retrieveReportData("{% url 'report_findings' %}" + $a.attr('href'), $a.closest('li.finding-list'));
});

$(document).on('submit', 'form.endpoint-list', function (event) {
var form = this;
$.get("{% url 'report_endpoints' %}?" + $(this).serialize()).done(function (data) {
filterFieldInit(
$(form).closest('li.endpoint-list').html(data)
);
setUpFindingFilters();
});
/// --------
// Endpoints
// ---------

// "Apply filters"
$(document).on('submit', 'form.endpoint-list', function (event) {
const $form = $(this);
event.preventDefault();
retrieveReportData(
"{% url 'report_endpoints' %}?" + $form.serialize(),
$form.closest('li.endpoint-list')
);
});

$(document).on('click', 'form.endpoint-list a.clear.centered, div.endpoint-pagination a', function (event) {
$.get("{% url 'report_endpoints' %}").done(function (data) {
filterFieldInit(
$('div.in-use-widgets li.endpoint-list').html(data)
);
setUpFindingFilters();
});

// "Clear filters"
$(document).on('click', 'form.endpoint-list a.clear.centered', function (event) {
const $a = $(this);
event.preventDefault();
retrieveReportData("{% url 'report_endpoints' %}", $a.closest('li.endpoint-list'));
});

// Pagination
$(document).on('click', 'div.endpoint-pagination a', function (event) {
const $a = $(this);
event.preventDefault();
retrieveReportData("{% url 'report_endpoints' %}" + $a.attr('href'), $a.closest('li.endpoint-list'));
})

$('[data-toggle="tooltip"]').tooltip()

$(document).on('click', '.in-use-widgets .panel-available-widget .panel-heading', function (event) {
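Review bot: The comment banners introduced in this hunk are inconsistent: the Endpoints section opens with `/// --------` (three slashes) while the Findings section and the closing banner use `// --------`, and the banner widths differ between the two groups. The final pagination handler for endpoints closes with `})` while every other handler in the hunk ends with `});`, so `});` would match the surrounding style. The comment above retrieveReportData also misspells `HTMl`; `inserts it as HTML into $targetEl` reads cleanly. The enclosing script block starts and ends outside the hunk.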
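--- a/dojo/templates/dojo/report_endpoints.html
+++ b/dojo/templates/dojo/report_endpoints.html
@@ -47,8 +47,8 @@ <h6>Filters</h6>
 </tbody>
 </table>
 </div>
-<div class="clearfix">
-{% include "dojo/paging_snippet.html" with page=findings page_size=False %}
+<div class="clearfix endpoint-pagination">
+{% include "dojo/paging_snippet.html" with page=endpoints page_size=False %}
 </div>
 
 {% endif %}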
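--- a/dojo/templates/dojo/report_findings.html
+++ b/dojo/templates/dojo/report_findings.html
@@ -62,7 +62,7 @@ <h6>Filters</h6>
 </tbody>
 </table>
 </div>
-<div class="clearfix">
+<div class="clearfix finding-pagination">
 {% include "dojo/paging_snippet.html" with page=findings page_size=False %}
 </div>
 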
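--- a/dojo/templates/dojo/view_group.html
+++ b/dojo/templates/dojo/view_group.html
@@ -3,7 +3,7 @@
 {% load authorization_tags %}
 
 {% block content %}
-<h3 id="id_heading"> Group {{ group.name }}</h3>
+<h3 id="id_heading"> Group: {{ group.name }}</h3>
 <div class="row">
 <div id="tests" class="col-md-8">
 <div class="panel panel-default">
@@ -43,7 +43,7 @@ <h3 class="pull-left">Description</h3>
 <div class="panel panel-default">
 <div class="panel-heading">
 <div class="clearfix">
-<h4 class="pull-left">Members</h4>
+<h4 class="pull-left">Members of this Group</h4>
 &nbsp;
 <a href="https://documentation.defectdojo.com/usage/permissions/#groups" target="_blank">
 <i class="fa-solid fa-circle-question"></i></a>
@@ -72,7 +72,7 @@ <h4 class="pull-left">Members</h4>
 <tr>
 <th label="Actions"></th>
 <th>User</th>
-<th>Group role</th>
+<th>Role in this Group</th>
 </tr>
 </thead>
 <tbody>
@@ -108,15 +108,15 @@ <h4 class="pull-left">Members</h4>
 </div>
 {% else %}
 <div class="panel-body">
-<small class="text-muted"><em>No members found.</em></small>
+<small class="text-muted"><em>This Group has no members.</em></small>
 </div>
 {% endif %}
 </div>
 
 <div class="panel panel-default">
 <div class="panel-heading">
 <div class="clearfix">
-<h4 class="pull-left">Product Type Groups</h4>
+<h4 class="pull-left">Product Types this Group can access</h4>
 &nbsp;
 <a href="https://documentation.defectdojo.com/usage/permissions/" target="_blank">
 <i class="fa-solid fa-circle-question"></i></a>
@@ -182,15 +182,15 @@ <h4 class="pull-left">Product Type Groups</h4>
 </div>
 {% else %}
 <div class="panel-body">
-<small class="text-muted"><em>No product type groups found.</em></small>
+<small class="text-muted"><em>This Group cannot access any Product Types.</em></small>
 </div>
 {% endif %}
 </div>
 
 <div class="panel panel-default">
 <div class="panel-heading">
 <div class="clearfix">
-<h4 class="pull-left">Product Groups</h4>
+<h4 class="pull-left">Products this Group can access</h4>
 &nbsp;
 <a href="https://documentation.defectdojo.com/usage/permissions/" target="_blank">
 <i class="fa-solid fa-circle-question"></i></a>
@@ -256,7 +256,7 @@ <h4 class="pull-left">Product Groups</h4>
 </div>
 {% else %}
 <div class="panel-body">
-<small class="text-muted"><em>No product groups found.</em></small>
+<small class="text-muted"><em>This Group cannot access any Products.</em></small>
 </div>
 {% endif %}
 </div>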
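--- a/dojo/templates/dojo/view_user.html
+++ b/dojo/templates/dojo/view_user.html
@@ -5,7 +5,7 @@
 
 {% block content %}
 {{ block.super }}
-<h3 id="id_heading">{% blocktrans with full_name=user.get_full_name %}User {{ full_name }}{% endblocktrans %}</h3>
+<h3 id="id_heading">{% blocktrans with full_name=user.get_full_name %}User: {{ full_name }}{% endblocktrans %}</h3>
 <div class="row">
 <div id="tests" class="col-md-8">
 <div class="panel panel-default">
@@ -104,7 +104,7 @@ <h4 class="pull-left">{% trans "Contact Information" %}</h4>
 <div class="panel panel-default">
 <div class="panel-heading">
 <div class="clearfix">
-<h4 class="pull-left">{% trans "Product Type Membership" %}</h4>
+<h4 class="pull-left">{% trans "Product Types this User can access" %}</h4>
 &nbsp;
 <a href="https://documentation.defectdojo.com/usage/permissions/" target="_blank">
 <i class="fa-solid fa-circle-question"></i></a>
@@ -170,14 +170,14 @@ <h4 class="pull-left">{% trans "Product Type Membership" %}</h4>
 </div>
 {% else %}
 <div class="panel-body">
-<small class="text-muted"><em>{% trans "No product type members found." %}</em></small>
+<small class="text-muted"><em>{% trans "This User is not assigned to any Product Types." %}</em></small>
 </div>
 {% endif %}
 </div>
 <div class="panel panel-default">
 <div class="panel-heading">
 <div class="clearfix">
-<h4 class="pull-left">{% trans "Product Membership" %}</h4>
+<h4 class="pull-left">{% trans "Products this User can access" %}</h4>
 &nbsp;
 <a href="https://documentation.defectdojo.com/usage/permissions/" target="_blank">
 <i class="fa-solid fa-circle-question"></i></a>
@@ -243,15 +243,15 @@ <h4 class="pull-left">{% trans "Product Membership" %}</h4>
 </div>
 {% else %}
 <div class="panel-body">
-<small class="text-muted"><em>{% trans "No product members found." %}</em></small>
+<small class="text-muted"><em>{% trans "This User is not assigned to any Products." %}</em></small>
 </div>
 {% endif %}
 </div>
 
 <div class="panel panel-default">
 <div class="panel-heading">
 <div class="clearfix">
-<h4 class="pull-left">{% trans "Group Membership" %}</h4>
+<h4 class="pull-left">{% trans "Groups this User is a member of" %}</h4>
 &nbsp;
 <a href="https://documentation.defectdojo.com/usage/permissions/#groups" target="_blank">
 <i class="fa-solid fa-circle-question"></i></a>
@@ -280,7 +280,7 @@ <h4 class="pull-left">{% trans "Group Membership" %}</h4>
 <tr>
 <th></th>
 <th>{% trans "Group" %}</th>
-<th>{% trans "Group role" %}</th>
+<th>{% trans "Role in this Group" %}</th>
 </tr>
 </thead>
 <tbody>
@@ -317,7 +317,7 @@ <h4 class="pull-left">{% trans "Group Membership" %}</h4>
 </div>
 {% else %}
 <div class="panel-body">
-<small class="text-muted"><em>{% trans "No group members found." %}</em></small>
+<small class="text-muted"><em>{% trans "This User is not a member of any Groups." %}</em></small>
 </div>
 {% endif %}
 </div>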
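--- a/dojo/tools/bearer_cli/parser.py
+++ b/dojo/tools/bearer_cli/parser.py
@@ -3,7 +3,7 @@
 from dojo.models import Finding
 
 
-class BearerParser:
+class BearerCLIParser:
 """
 Bearer CLI tool is a SAST scanner for multiple languages
 """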
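--- a/unittests/test_factory.py
+++ b/unittests/test_factory.py
@@ -1,7 +1,14 @@
+import logging
+import os
+from importlib import import_module
+from importlib.util import find_spec
+from inspect import isclass
+
 from dojo.models import Test, Test_Type
 from dojo.tools.factory import get_parser
+from unittests.dojo_test_case import DojoTestCase, get_unit_tests_path
 
-from .dojo_test_case import DojoTestCase, get_unit_tests_path
+logger = logging.getLogger(__name__)
 
 
 class TestFactory(DojoTestCase):
@@ -53,3 +60,28 @@ def test_get_parser_test_active_in_db(self):
 )
 parser = get_parser(scan_type)
 self.assertIsNotNone(parser)
+
+def test_parser_name_matches_module(self):
+"""Test to ensure that parsers' class names match their module names"""
+package_dir = "dojo/tools"
+module_names = os.listdir(package_dir)
+missing_parsers = []
+excluded_parsers = [
+"wizcli_common_parsers", # common class for other wizcli parsers, there is not parsing here
+]
+for module_name in module_names:
+if module_name in excluded_parsers:
+continue
+if os.path.isdir(os.path.join(package_dir, module_name)):
+found = False
+if find_spec(f"dojo.tools.{module_name}.parser"):
+module = import_module(f"dojo.tools.{module_name}.parser")
+for attribute_name in dir(module):
+attribute = getattr(module, attribute_name)
+if isclass(attribute) and attribute_name.lower() == module_name.replace("_", "") + "parser":
+found = True
+if not found and module_name != "__pycache__":
+missing_parsers.append(module_name)
+if len(missing_parsers) > 0:
+logger.error(f"Parsers with invalid names: {missing_parsers}")
+self.assertEqual(0, len(missing_parsers))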
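Review bot: In test_parser_name_matches_module the `__pycache__` directory is only excluded at the very end, after it has already been probed with find_spec and import_module; folding it into the guard at the top of the loop, `if module_name in excluded_parsers or module_name == "__pycache__":`, keeps every exclusion in one place and drops the trailing `and module_name != "__pycache__"`. The inner `for attribute_name in dir(module)` loop can `break` as soon as `found` is set instead of scanning the rest of the module. `package_dir = "dojo/tools"` is a cwd-relative path, so the test silently depends on being run from the repository root; `get_unit_tests_path` is imported in the same hunk and may be the intended anchor for building an absolute path. `logger.error(f"...")` would follow the logging idiom better as `logger.error("Parsers with invalid names: %s", missing_parsers)`, and the comment `there is not parsing here` reads as `there is no parsing here`. The enclosing TestFactory class starts outside the hunk.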
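--- a/unittests/tools/test_bearer_cli_parser.py
+++ b/unittests/tools/test_bearer_cli_parser.py
@@ -1,14 +1,14 @@
 from django.test import TestCase
 
 from dojo.models import Test
-from dojo.tools.bearer_cli.parser import BearerParser
+from dojo.tools.bearer_cli.parser import BearerCLIParser
 
 
 class TestBearerParser(TestCase):
 
 def test_bearer_parser_with_one_vuln_has_one_findings(self):
 testfile = open("unittests/scans/bearer_cli/bearer_cli_one_vul.json")
-parser = BearerParser()
+parser = BearerCLIParser()
 findings = parser.get_findings(testfile, Test())
 testfile.close()
 self.assertEqual(1, len(findings))
@@ -22,7 +22,7 @@ def test_bearer_parser_with_one_vuln_has_one_findings(self):
 
 def test_bearer_parser_with_many_vuln_has_many_findings(self):
 testfile = open("unittests/scans/bearer_cli/bearer_cli_many_vul.json")
-parser = BearerParser()
+parser = BearerCLIParser()
 findings = parser.get_findings(testfile, Test())
 testfile.close()
 self.assertEqual(4, len(findings))
 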