#6620 Create API importer for Bugcrowd #6621
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
parser
settings_changes
damiencarol
reviewed
Jul 28, 2022
…unique id from tool deduplication alg
|
I have added a regex parsing for endpoints because I kept getting errors I have mentioned in #6580 ! Submissions can have random stuff in their bug_url, not just urls which is annoying... |
|
@Gby56 This is a great start here! There a couple things left to do before we can approve
|
damiencarol
reviewed
Aug 1, 2022
damiencarol
reviewed
Aug 1, 2022
damiencarol
reviewed
Aug 1, 2022
damiencarol
reviewed
Aug 1, 2022
damiencarol
reviewed
Aug 1, 2022
damiencarol
suggested changes
Aug 1, 2022
|
@Maffooch all good :) I copied tests from Edgescan |
import urllib.request
import urllib.parse
params = urllib.parse.urlencode({'spam': 1, 'eggs': 2, 'bacon': 0})
url = "http://www.musi-cal.com/cgi-bin/query?%s" % params
with urllib.request.urlopen(url) as f:
print(f.read().decode('utf-8'))Which is easier to read and less bug prone (instead of pushing the string encoded directly in the code).
|
|
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
|
Conflicts have been resolved. A maintainer will review the pull request shortly. |
|
@kiblik yeah I did the upstream fetch on my fork and it pulled the master, but now that I merged dev into my branch it's not working either, anyways I copied over the exact files from dev and there are no conflicts here, it's weird how the diff is showing |
Gby56
commented
Sep 13, 2022
|
I think it’s fine though ? It’s the same as the dev branch anyways
…On Tue 13 Sep 2022 at 21:55, kiblik ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In components/package.json
<#6621 (comment)>
:
> @@ -1,6 +1,6 @@
{
"name": "defectdojo",
- "version": "2.14.0-dev",
+ "version": "2.15.0-dev",
Unfortunately, I'm not able to help you here. I have no idea.
But I would try git rebase dev
—
Reply to this email directly, view it on GitHub
<#6621 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABTFKKCFPAAQSSBSEMMXMITV6DL4VANCNFSM545DRKNA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
kiblik
requested changes
Sep 13, 2022
|
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
|
Conflicts have been resolved. A maintainer will review the pull request shortly. |
|
the init file probably didn't get linted with black, the string delimiters were just different |
|
@kiblik tell me if everything is ok for you, I have added the feedback from the http responses in case of a failure as requested |
|
Yes @Gby56, it looks good to me. Thank you for the changes and your effort. |
Maffooch
approved these changes
Sep 14, 2022
salvianf
added a commit
to salvianf/django-DefectDojo
that referenced
this pull request
Nov 11, 2022
* adapted the helm chart of initializer-job.yaml to allow for metadata … (#6730) * adapted the helm chart of initializer-job.yaml to allow for metadata annotations * adapted the helm chart of initializer-job.yaml to run after install or upgrade * fixed typo initializerKeepSeconds to initializer.keepSeconds * renamed to jobAnnotations and moved helm hook to template values * indent fix * indent fix * Design fixes to footer, tags input, and filters snippet (#6751) * Design fixes to footer, tags input, and filters * Update dojo.css * Update base.html * Bump google-api-python-client from 2.57.0 to 2.58.0 (#6757) Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.57.0 to 2.58.0. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.57.0...v2.58.0) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update mysql:5.7.39 Docker digest from 5.7.39 to v (docker-compose.yml) (#6755) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Fix assignee bug in JIRA view (#6741) * Fix assignee bug in JIRA view * Update dojo/jira_link/views.py Co-authored-by: Cody Maffucci <[email protected]> Co-authored-by: Cody Maffucci <[email protected]> * Bump google-auth from 2.10.0 to 2.11.0 (#6745) Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.10.0 to 2.11.0. - [Release notes](https://github.com/googleapis/google-auth-library-python/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-auth-library-python/compare/v2.10.0...v2.11.0) --- updated-dependencies: - dependency-name: google-auth dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update local_settings.py description * Update configuration.md * Corrected deduplication settings for Twistlock Reports (#6777) * Update versions in application files * Update Chart.yaml * Update version files * Forgot a number * Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.31.2 to v1.32.0 (helm/defectdojo/values.yaml) (#6823) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump cryptography from 37.0.4 to 38.0.1 (#6822) Bumps [cryptography](https://github.com/pyca/cryptography) from 37.0.4 to 38.0.1. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/37.0.4...38.0.1) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update rabbitmq:3.10.7-alpine Docker digest from 3.10.7 to 3.10.7-alpine (docker-compose.yml) (#6821) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update mysql:5.7.39 Docker digest from 5.7.39 to v (docker-compose.yml) (#6820) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update nginx/nginx-prometheus-exporter Docker tag from 0.10.0 to v0.11.0 (helm/defectdojo/values.yaml) (#6818) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump sqlalchemy from 1.4.40 to 1.4.41 (#6813) Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.40 to 1.4.41. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump google-api-python-client from 2.58.0 to 2.60.0 (#6812) Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.58.0 to 2.60.0. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.58.0...v2.60.0) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update actions/checkout action from v2 to v3 (.github/workflows/submodule-update.yml) (#6805) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump jira from 3.4.0 to 3.4.1 (#6800) Bumps [jira](https://github.com/pycontribs/jira) from 3.4.0 to 3.4.1. - [Release notes](https://github.com/pycontribs/jira/releases) - [Commits](https://github.com/pycontribs/jira/compare/3.4.0...3.4.1) --- updated-dependencies: - dependency-name: jira dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump djangosaml2 from 1.5.1 to 1.5.2 (#6799) Bumps [djangosaml2](https://github.com/IdentityPython/djangosaml2) from 1.5.1 to 1.5.2. - [Release notes](https://github.com/IdentityPython/djangosaml2/releases) - [Changelog](https://github.com/IdentityPython/djangosaml2/blob/master/CHANGES) - [Commits](https://github.com/IdentityPython/djangosaml2/compare/v1.5.1...v1.5.2) --- updated-dependencies: - dependency-name: djangosaml2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump django-slack from 5.17.8 to 5.18.0 (#6789) Bumps [django-slack](https://github.com/lamby/django-slack) from 5.17.8 to 5.18.0. - [Release notes](https://github.com/lamby/django-slack/releases) - [Commits](https://github.com/lamby/django-slack/compare/5.17.8...5.18.0) --- updated-dependencies: - dependency-name: django-slack dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump vcrpy from 4.2.0 to 4.2.1 (#6785) Bumps [vcrpy](https://github.com/kevin1024/vcrpy) from 4.2.0 to 4.2.1. - [Release notes](https://github.com/kevin1024/vcrpy/releases) - [Changelog](https://github.com/kevin1024/vcrpy/blob/master/docs/changelog.rst) - [Commits](https://github.com/kevin1024/vcrpy/compare/v4.2.0...v4.2.1) --- updated-dependencies: - dependency-name: vcrpy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump jquery from 3.6.0 to 3.6.1 in /components (#6766) Bumps [jquery](https://github.com/jquery/jquery) from 3.6.0 to 3.6.1. - [Release notes](https://github.com/jquery/jquery/releases) - [Commits](https://github.com/jquery/jquery/compare/3.6.0...3.6.1) --- updated-dependencies: - dependency-name: jquery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump python-gitlab from 3.8.1 to 3.9.0 (#6765) Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 3.8.1 to 3.9.0. - [Release notes](https://github.com/python-gitlab/python-gitlab/releases) - [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md) - [Commits](https://github.com/python-gitlab/python-gitlab/compare/v3.8.1...v3.9.0) --- updated-dependencies: - dependency-name: python-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Corrected deduplication settings for anchore enterprise policy checks (#6770) * Set finding to inactivate after creation of risk acceptance (#6780) * Auth: Add RemoteUser implementation (#6782) * Add RemoteUser implementation * Add documentation * Add support also for API * Fix bug that caused scan imports to fail (#6775) * Adding Closed Notes to Jira (#6806) current condition : All notes that we sent through the finding detail are sent to jira. But, the closed notes we sent when we close the finding is not sent to jira even if that notes are saved to the finding notes in the finding detail page. proposed changes : sent the close finding notes to jira also * Sort findings in notifications (#6817) * Sorting by severity after add/update * Sorting out * Sorting by severity after add/update * Sorting out * Translate metrics (#6819) * Prepared translate for metrics pages * Fix flake8 notice Co-authored-by: Дмитрий Муковкин <[email protected]> * Update the text that slack notification shows (#6825) * Update the text that slack notification shows Currently, when a test is added and slack notification is enable is showed: "New test added for engagement {engament.product}" I suggest adding the engament name to this phrase: " New test added for engagement {{engagement.name }} in product {{ engagement.produc}}" * corrected typo in product corrected typo in product * #6620 Create API importer for Bugcrowd (#6621) * Create API importer for Bugcrowd * Fix linting * Documentation update * Implement URI extraction via regex, pagination fetch loop, switch to unique id from tool deduplication alg * Update api_client.py * Various fixes * Fix dateutil parse and auth header * Fix linting * Switch to session * Implement unit testing - WIP * Bugcrowd api importer unit tests * Fix flake8 * Simplify parameterization for bugcrowd JSONAPI format * Fix urlencoding and loop for pagination * Implement generator api client * v3 of fetcher with multithreading * Linting with Black, test data changed for generator function, fix tests * fix pep8 and add ignore W503 in flake8 * remove json from test * Use logger for endpoint parsing errors, without breaking parser * Strip bug url to improve endpoint parsing * Remove regex usage * Handle endpoint uri a bit better * use logger error for endpoint converting * Improve requests exception handling * Remove regexes, convert_endpoint function * Raise exeptions for responses and connection tests * Do not save broken endpoints, add cleaning in tests * Align to dev branch * Named ValidationError exceptions * Fix conflicts * Fix conflicts * Add response text in error message * Fix liniting * Update __init__.py Co-authored-by: Damien Carol <[email protected]> * Bump numpy from 1.23.2 to 1.23.3 (#6830) Bumps [numpy](https://github.com/numpy/numpy) from 1.23.2 to 1.23.3. - [Release notes](https://github.com/numpy/numpy/releases) - [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst) - [Commits](https://github.com/numpy/numpy/compare/v1.23.2...v1.23.3) --- updated-dependencies: - dependency-name: numpy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump django-extensions from 3.2.0 to 3.2.1 (#6831) Bumps [django-extensions](https://github.com/django-extensions/django-extensions) from 3.2.0 to 3.2.1. - [Release notes](https://github.com/django-extensions/django-extensions/releases) - [Changelog](https://github.com/django-extensions/django-extensions/blob/main/CHANGELOG.md) - [Commits](https://github.com/django-extensions/django-extensions/compare/3.2.0...3.2.1) --- updated-dependencies: - dependency-name: django-extensions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump python from 3.8.13-slim-bullseye to 3.8.14-slim-bullseye (#6832) Bumps python from 3.8.13-slim-bullseye to 3.8.14-slim-bullseye. --- updated-dependencies: - dependency-name: python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update dependency autoprefixer from 10.4.8 to v10.4.10 (docs/package.json) (#6828) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix npm audit JFrog Artifactory import bug (#6786) * fix npm audit JFrog Artifactory import bug * added unittest to ensure the npm parser error having a cwe: null will not happen again * fixed wrong assertion * Optimize metrics (#6798) * Optimize metric pages * Fix design in metrics.html page * Fixed counting for active_per_period parameter in get_period_counts method * Fixed unittest test_metrics_queries.py Co-authored-by: Дмитрий Муковкин <[email protected]> * switch to Has Capabilities (#6759) * switch to Has Capabilities * Address Ingress object * Center the "No Endpoints" text to match the other objects (#6851) * Center the "No Endpoints" text to match the other objects * Update endpoints.html * Fix simple search width (#6850) * Added questionnaire functionality documentation * Fixed bleach clean issue with display tag * Fix simple search width * Fixed simple search width * Update release automation to fix helm issues, Bump versions (#6849) * Replace documentation links (#6764) * Replace documentation links, Remove local documentation workflows * Fix flake8? * Maybe this is it> * Restore gh-pages workflow * Fixed bleach clean not allowing links in descriptions (#6848) * Added questionnaire functionality documentation * Fixed bleach clean issue with display tag * Fixed links in descriptions being cleaned by bleach * API Cleanup: Set sane defaults for non required fields and safely retrieve results (#6847) * API Cleanup: Set san defaults for non required fields and safely retrieve results * Correct unit tests * Added questionnaire functionality documentation (#6846) * Update helm chart test * Update versions in application files * Bump google-auth-oauthlib from 0.5.2 to 0.5.3 (#6843) Bumps [google-auth-oauthlib](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib) from 0.5.2 to 0.5.3. - [Release notes](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python-oauthlib/blob/main/CHANGELOG.md) - [Commits](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib/compare/v0.5.2...v0.5.3) --- updated-dependencies: - dependency-name: google-auth-oauthlib dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update release-drafter/release-drafter action from v5.20.1 to v5.21.0 (.github/workflows/release-drafter.yml) (#6842) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update dependency autoprefixer from 10.4.10 to v10.4.11 (docs/package.json) (#6841) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump drf-spectacular from 0.23.1 to 0.24.0 (#6838) Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.23.1 to 0.24.0. - [Release notes](https://github.com/tfranzel/drf-spectacular/releases) - [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst) - [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.23.1...0.24.0) --- updated-dependencies: - dependency-name: drf-spectacular dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Fix log_user_login_failed is username is missing (#6854) * Parse mitigation status for Veracode SCA findings (#6855) * Bump packageurl-python from 0.10.1 to 0.10.3 (#6856) Bumps [packageurl-python](https://github.com/package-url/packageurl-python) from 0.10.1 to 0.10.3. - [Release notes](https://github.com/package-url/packageurl-python/releases) - [Changelog](https://github.com/package-url/packageurl-python/blob/main/CHANGELOG.rst) - [Commits](https://github.com/package-url/packageurl-python/compare/v0.10.1...v0.10.3) --- updated-dependencies: - dependency-name: packageurl-python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix(helm): fix postgresql svc name (#6816) * Update celery-beat-deployment.yaml updated celery-beat-deployment template to include generic secrets for rabbitmq and mysql. Furthermore, removed not necessary ifs * Update celery-worker-deployment.yaml updated celery-worker-deployment template to include generic secrets for rabbitmq and mysql. Furthermore, removed not necessary ifs * Update django-deployment.yaml updated django-deployment template to include generic secrets for rabbitmq and mysql. Furthermore, removed not necessary ifs * Update celery-beat-deployment.yaml fixed helm lint problems * Update celery-worker-deployment.yaml fixed helm lint problems * Update django-deployment.yaml fixed helm lint problems * Bump pyjwt from 2.4.0 to 2.5.0 (#6860) Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.4.0 to 2.5.0. - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0) --- updated-dependencies: - dependency-name: pyjwt dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bugfixes for Github Vulnerability Parser (#6870) * Add checks for anonymous users in auth model (#6869) * Add checks for anonymous users in auth model * Change type of failure for queries object * Fix Flake8 * Update versions in application files * Update versions in application files * added Null value check in vectorString of Github Scan (Credit @L3m0nb4tt3ry) (#6879) * Update test-helm-chart.yml * SonarQube API Importer: Supprt for SonarCloud and Multi Branch Scanning (#6880) * SonarQube API Importer: Supprt for SonarCloud and Multi Branch Scanning * Correct the removed find project capability * Update versions in application files * Update versions in application files * Bump google-auth from 2.11.0 to 2.11.1 (#6863) Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.11.0 to 2.11.1. - [Release notes](https://github.com/googleapis/google-auth-library-python/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-auth-library-python/compare/v2.11.0...v2.11.1) --- updated-dependencies: - dependency-name: google-auth dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update dependency autoprefixer from 10.4.11 to v10.4.12 (docs/package.json) (#6868) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump djangosaml2 from 1.5.2 to 1.5.3 (#6877) Bumps [djangosaml2](https://github.com/IdentityPython/djangosaml2) from 1.5.2 to 1.5.3. - [Release notes](https://github.com/IdentityPython/djangosaml2/releases) - [Changelog](https://github.com/IdentityPython/djangosaml2/blob/master/CHANGES) - [Commits](https://github.com/IdentityPython/djangosaml2/compare/v1.5.2...v1.5.3) --- updated-dependencies: - dependency-name: djangosaml2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update redis Docker tag from 7.0.4 to v7.0.5 (docker-compose.yml) (#6887) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update celery-beat-deployment.yaml * Update celery-worker-deployment.yaml * Update django-deployment.yaml * Bump drf-spectacular from 0.24.0 to 0.24.2 (#6909) Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.24.0 to 0.24.2. - [Release notes](https://github.com/tfranzel/drf-spectacular/releases) - [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst) - [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.24.0...0.24.2) --- updated-dependencies: - dependency-name: drf-spectacular dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump drf-yasg from 1.21.3 to 1.21.4 (#6908) Bumps [drf-yasg](https://github.com/axnsan12/drf-yasg) from 1.21.3 to 1.21.4. - [Release notes](https://github.com/axnsan12/drf-yasg/releases) - [Changelog](https://github.com/axnsan12/drf-yasg/blob/1.21.4/docs/changelog.rst) - [Commits](https://github.com/axnsan12/drf-yasg/compare/1.21.3...1.21.4) --- updated-dependencies: - dependency-name: drf-yasg dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update rabbitmq Docker tag from 3.10.7 to v3.11.0 (docker-compose.yml) (#6905) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update dependency postcss-cli from 9.1.0 to v10 (docs/package.json) (#6903) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump django-debug-toolbar from 3.6.0 to 3.7.0 (#6900) Bumps [django-debug-toolbar](https://github.com/jazzband/django-debug-toolbar) from 3.6.0 to 3.7.0. - [Release notes](https://github.com/jazzband/django-debug-toolbar/releases) - [Changelog](https://github.com/jazzband/django-debug-toolbar/blob/main/docs/changes.rst) - [Commits](https://github.com/jazzband/django-debug-toolbar/compare/3.6...3.7) --- updated-dependencies: - dependency-name: django-debug-toolbar dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump humanize from 4.3.0 to 4.4.0 (#6884) Bumps [humanize](https://github.com/python-humanize/humanize) from 4.3.0 to 4.4.0. - [Release notes](https://github.com/python-humanize/humanize/releases) - [Commits](https://github.com/python-humanize/humanize/compare/4.3.0...4.4.0) --- updated-dependencies: - dependency-name: humanize dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump easymde from 2.16.1 to 2.18.0 in /components (#6872) Bumps [easymde](https://github.com/Ionaru/easy-markdown-editor) from 2.16.1 to 2.18.0. - [Release notes](https://github.com/Ionaru/easy-markdown-editor/releases) - [Changelog](https://github.com/Ionaru/easy-markdown-editor/blob/master/CHANGELOG.md) - [Commits](https://github.com/Ionaru/easy-markdown-editor/compare/2.16.1...2.18.0) --- updated-dependencies: - dependency-name: easymde dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update stefanzweifel/git-auto-commit-action action from v4.14.1 to v4.15.0 (.github/workflows/release-3-master-into-dev.yml) (#6895) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update mysql:5.7.39 Docker digest from 5.7.39 to v (docker-compose.yml) (#6902) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump google-api-python-client from 2.60.0 to 2.63.0 (#6910) Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.60.0 to 2.63.0. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.60.0...v2.63.0) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump djangorestframework from 3.13.1 to 3.14.0 (#6883) Bumps [djangorestframework](https://github.com/encode/django-rest-framework) from 3.13.1 to 3.14.0. - [Release notes](https://github.com/encode/django-rest-framework/releases) - [Commits](https://github.com/encode/django-rest-framework/compare/3.13.1...3.14.0) --- updated-dependencies: - dependency-name: djangorestframework dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Mitigate Veracode SourceClear findings with "Fixed" status (#6876) * Added parser for new report format of AnchoreCTL (Anchore Enterprise Engine's new CLI Tool) (#6874) * Added parser for anchore engine reports exported with AnchoreCTL * Added parser for policy results from anchoreCTL, renamed vuln parser * Adjusted name of class to avoid conflicts * Corrected wrong key * Adjusted syntax errors * Added unit tests, fixed unit tests * Removed explicit platform definition in docker-compose * Corrected dedup settings * Removed author info * Fixing broken report generation when more than one item is selected (#6906) * Fix error when promoting stub finding to JIRA (#6898) * Fix improper reactivation in reimporter, using is_mitigated (#6885) * Fix improper reactivation in reimporter, using is_mitigated https://github.com/DefectDojo/django-DefectDojo/pull/6452 * Update reimporter.py * Fix accepted by name (#6867) * Update view_risk_acceptance.html Remove get_full_name from accepted_by as it's free text not a user * Update view_eng.html Remove get_full_name from accepted_by as it's free text not a user * Fix url creation for github for file location (#6888) * [FIX] JQuery Error on Edit Finding (#6619) * Bug Fix (JQuery Error) When editing a finding, a click on the "See Alerts" button at the right corner of the webpage will cause a JQuery JavaScript Error. Removing JQuery usage and using JS trim instead. * Update package.json * Update __init__.py * Update pipeline.py * Update Chart.yaml * Update pipeline.py * Update views.py * Update __init__.py * Update views.py * Update pipeline.py * Update pipeline.py * tools: NeuVector: introducing NeuVector (REST) scan type (#6809) This commit adds the support of NeuVector (https://github.com/neuvector/neuvector) tool for importing scan results. Scan results can be exported via REST API in JSON format (that is why the tool is named 'NeuVector (REST)'). There is no GUI for that at the moment. Scan results are just a list of issues found in packages installed in a container or an image. Very similar to Twistlock. NeuVector also provides compliance scan results. This is not supported by the introduced tool. * Bump django-dbbackup from 4.0.1 to 4.0.2 (#6911) Bumps [django-dbbackup](https://github.com/jazzband/django-dbbackup) from 4.0.1 to 4.0.2. - [Release notes](https://github.com/jazzband/django-dbbackup/releases) - [Changelog](https://github.com/jazzband/django-dbbackup/blob/master/docs/changelog.rst) - [Commits](https://github.com/jazzband/django-dbbackup/commits/4.0.2) --- updated-dependencies: - dependency-name: django-dbbackup dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump django-split-settings from 1.1.0 to 1.2.0 (#6914) Bumps [django-split-settings](https://github.com/sponsors/wemake-services) from 1.1.0 to 1.2.0. - [Release notes](https://github.com/sponsors/wemake-services/releases) - [Commits](https://github.com/sponsors/wemake-services/commits) --- updated-dependencies: - dependency-name: django-split-settings dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump google-auth from 2.11.1 to 2.12.0 (#6913) Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.11.1 to 2.12.0. - [Release notes](https://github.com/googleapis/google-auth-library-python/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-auth-library-python/compare/v2.11.1...v2.12.0) --- updated-dependencies: - dependency-name: google-auth dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update helm/chart-testing-action action from v2.3.0 to v2.3.1 (.github/workflows/test-helm-chart.yml) (#6915) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Estimated remediation date (#6302) * initial commit for branch * added bulk edit * code complete (I hope). Committing before adding tests * additional work to allow users to edit/add a planned remediation date * Typo on auto_create_context (#6291) * removed calendar icons in list view * pep8 fixes * pep8 fixes * pep8 again! * removed manually created migration file * auto-generated migration file * formatting fixes * pep8 fix * reran migrations and still getting changes for rule and child_rule * reran migrations * formatting changes * Update forms.py * updated find method for dom element * updated adhoc Finding form for bug fix * removing erroneous selenium config * updated promot finding form for bug fix * formatting fix * PR cleanups * rebase on latest dev * pep8 fixes * formatting fixes * formatting changes * updated adhoc Finding form for bug fix * PR cleanups * fixed bolded remediation date field * removed breaks and used CSS * pep8 fixes * pep8 fix * fixing bad migration * merging latest from dev * further merge fixes * css fixes for date picker * Update docker-compose.override.integration_tests.yml Co-authored-by: Chris Fort <[email protected]> Co-authored-by: Bastian Hodapp <[email protected]> Co-authored-by: Cody Maffucci <[email protected]> * Bump python-gitlab from 3.9.0 to 3.10.0 (#6912) Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 3.9.0 to 3.10.0. - [Release notes](https://github.com/python-gitlab/python-gitlab/releases) - [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md) - [Commits](https://github.com/python-gitlab/python-gitlab/compare/v3.9.0...v3.10.0) --- updated-dependencies: - dependency-name: python-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add support for specifying custom JIRA fields (#6740) * Add support for specifying custom JIRA fields * Update and rename 0169_jira_project_custom_fields.py to 0170_jira_project_custom_fields.py Co-authored-by: Cody Maffucci <[email protected]> * Don't create finding JIRAs on a bulk update if we are creating a finding group JIRA (#6709) * Update dependency postcss from 8.4.16 to v8.4.17 (docs/package.json) (#6923) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Add the ability to set JIRA labels per-product or engagement (#6720) * Add the ability to set JIRA labels per-product or engagement * Rename 0169_auto_20220816_1333.py to 0169_jira_labels_per_product_and_engagement.py * Delete 0170_jira_project_custom_fields.py * Update and rename 0169_jira_labels_per_product_and_engagement.py to 0171_jira_labels_per_product_and_engagement.py * Restore deleted migration * Fix spacing in migration to remove change from dif Co-authored-by: Cody Maffucci <[email protected]> * Added filter for existance of JIRA issue in finding (#6919) * Bump coverage from 6.4.4 to 6.5.0 (#6921) Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.4.4 to 6.5.0. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](https://github.com/nedbat/coveragepy/compare/6.4.4...6.5.0) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * changed type to regular django type to also pick up creation events (#6918) * changed type to regular django type to also pick up creation events from ldap and oauth * removed unused import * this event should be triggered for all user-types * fixed test to include the now created group/notification relations * Bugfixing when the Checkov report has no findings (#6097) * Bugfixing when the Checkov report has no findings # Current error log: [29/Mar/2022 11:55:54] ERROR [dojo.api_v2.exception_handler:26] 'check_type' Traceback (most recent call last): File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 506, in dispatch response = handler(request, *args, **kwargs) File "/usr/local/lib/python3.8/site-packages/rest_framework/mixins.py", line 19, in create self.perform_create(serializer) File "/app/./dojo/api_v2/views.py", line 1957, in perform_create serializer.save(push_to_jira=push_to_jira) File "/app/./dojo/api_v2/serializers.py", line 1246, in save test, finding_count, closed_finding_count = importer.import_scan(scan, scan_type, engagement, lead, environment, File "/app/./dojo/importers/importer/importer.py", line 349, in import_scan parsed_findings = parser.get_findings(scan, test) File "/app/./dojo/tools/checkov/parser.py", line 22, in get_findings check_type = tree['check_type'] KeyError: 'check_type' [29/Mar/2022 11:55:54] ERROR [django.request:224] Internal Server Error: /api/v2/import-scan/ ERROR:django.request:Internal Server Error: /api/v2/import-scan/ [pid: 1|app: 0|req: 2020/4117] 10.6.33.147 () {44 vars in 738 bytes} [Tue Mar 29 11:55:54 2022] POST /api/v2/import-scan/ => generated 59 bytes in 54 msecs (HTTP/1.1 500) 7 headers in 212 bytes (1 switches on core 1) * Fix to make the previous fix shorter. Co-authored-by: Daniel Velardez <[email protected]> * added option to add labels using podLabels: {} * Bump django from 3.2.15 to 3.2.16 (#6938) Bumps [django](https://github.com/django/django) from 3.2.15 to 3.2.16. - [Release notes](https://github.com/django/django/releases) - [Commits](https://github.com/django/django/compare/3.2.15...3.2.16) --- updated-dependencies: - dependency-name: django dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * SonarQube API Importer: Add sonarcloud global org id, code clean up (#6928) * SonarQube API Importer: Add sonarcloud global org id, code clean up * Fix Flake8 * Add clause for non entered extras * Jira Webhook: Catch missing assignee field + code cleanup (#6929) * Add validation error when users attempt to send email without valid SMTP server (#6930) * Add validation error when users attempt send email without valid SMTP server * Be sure to close connection after opening it * Update views.py * TruffleHog: Add v3 support to original trufflehog parser (#6937) * TruffleHog: Add v3 support to originaly trufflehog parser * Remove extra printing * Flake8 * Update versions in application files * Add upgrade notes for 2.15.0 * Update versions in application files * Make doc update action only apply when docs are updated * Rev node version for gh-pages deploy * Update rabbitmq:3.11.0-alpine Docker digest from 3.11.0 to 3.11.0-alpine (docker-compose.yml) (#6936) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump pytz from 2022.2.1 to 2022.4 (#6934) Bumps [pytz](https://github.com/stub42/pytz) from 2022.2.1 to 2022.4. - [Release notes](https://github.com/stub42/pytz/releases) - [Commits](https://github.com/stub42/pytz/commits) --- updated-dependencies: - dependency-name: pytz dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Make version optional for cyclonedx (#6950) * Update tj-actions/changed-files action from v31 to v32 (.github/workflows/submodule-update.yml) (#6949) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump google-api-python-client from 2.63.0 to 2.64.0 (#6946) Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.63.0 to 2.64.0. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.63.0...v2.64.0) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Parse state, cwe and createdAt in the GitHub parser (#6945) * Update styfle/cancel-workflow-action action from 0.10.0 to v0.10.1 (.github/workflows/cancel-outdated-workflow-runs.yml) (#6927) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update redis:7.0.5-alpine Docker digest from 7.0.5 to 7.0.5-alpine (docker-compose.yml) (#6953) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Rev actions to latest ubuntu version per https://github.com/actions/runner-images/issues/6002 (#6931) * Helm Chart: Create PVC as part of the Chart (#6271) * Create PVC as part of the Chart * Allow creating pvc or disabling it * Set pvc creation to false as default * Remove trailing spaces * Modify storage access mode and size * Update KUBERNETES.md to reflect storage accessMode * Fix linting issue * Modify pvc documentation in KUBERNETES.md * Bump psycopg2-binary from 2.9.3 to 2.9.4 (#6958) Bumps [psycopg2-binary](https://github.com/psycopg/psycopg2) from 2.9.3 to 2.9.4. - [Release notes](https://github.com/psycopg/psycopg2/releases) - [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS) - [Commits](https://github.com/psycopg/psycopg2/commits) --- updated-dependencies: - dependency-name: psycopg2-binary dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump gitpython from 3.1.27 to 3.1.28 (#6957) Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.27 to 3.1.28. - [Release notes](https://github.com/gitpython-developers/GitPython/releases) - [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES) - [Commits](https://github.com/gitpython-developers/GitPython/compare/3.1.27...3.1.28) --- updated-dependencies: - dependency-name: gitpython dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [Fix] API - Tool Product Settings (#6170) (#6904) * Made the product editable on Tool_Product_Settings * Reverted the model change and modified the Tool_Product_Settings serializer to support specifying the product. * dojo: tool: introduce NeuVector compliance scans import support (#6947) This commit makes DefectDojo to support compliance scans performed by NeuVector. Such scan results can only be fetched via REST API using endpoints like /v1/scan/workload/{id} and /v1/host/{id}/compliance. The latter one returns the results in a slightly different format. Both of them are supported. * Bump nginx from `082f8c1` to `b87c350` (#6961) Bumps nginx from `082f8c1` to `b87c350`. --- updated-dependencies: - dependency-name: nginx dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump pdfmake from 0.2.5 to 0.2.6 in /components (#6960) Bumps [pdfmake](https://github.com/bpampuch/pdfmake) from 0.2.5 to 0.2.6. - [Release notes](https://github.com/bpampuch/pdfmake/releases) - [Changelog](https://github.com/bpampuch/pdfmake/blob/0.2.6/CHANGELOG.md) - [Commits](https://github.com/bpampuch/pdfmake/compare/0.2.5...0.2.6) --- updated-dependencies: - dependency-name: pdfmake dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * dojo: jira_link: improve error reporting when fetching Jira metadata (#6962) get_jira_meta() function in did not check if jira.createmeta() raises an exception. In case an exception was raised, it was not logged anyhow, the logs contained only "invalid JIRA Project Config.." message in DEBUG stream. This commit stores an error triggered by jira.createmeata() in logs and displays it to a user. The commit also slightly improves quotes formatting for debug-level error message. * Add the ability to specify the Epic name and priority in JIRA (#6768) * Update stefanzweifel/git-auto-commit-action action from v4.15.0 to v4.15.1 (.github/workflows/release-3-master-into-dev.yml) (#6964) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Use DEDUPE_ALGO_HASH_CODE for Acunetix360 (#6968) * Update mysql Docker tag from 5.7.39 to v5.7.40 (docker-compose.yml) (#6969) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update versions in application files * Fixed 500 error for GitHub finding links (#6981) * Typo on auto_create_context (#6291) * Fixed 500 error for GitHub finding links Co-authored-by: Bastian Hodapp <[email protected]> * Update versions in application files * Add Rubocop to parser documentation (#6978) * Update styfle/cancel-workflow-action action from 0.10.1 to v0.11.0 (.github/workflows/cancel-outdated-workflow-runs.yml) (#6977) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update dependency postcss from 8.4.17 to v8.4.18 (docs/package.json) (#6979) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump cryptography from 38.0.1 to 38.0.2 (#6976) Bumps [cryptography](https://github.com/pyca/cryptography) from 38.0.1 to 38.0.2. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/38.0.1...38.0.2) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump pygithub from 1.55 to 1.56 (#6986) Bumps [pygithub](https://github.com/pygithub/pygithub) from 1.55 to 1.56. - [Release notes](https://github.com/pygithub/pygithub/releases) - [Changelog](https://github.com/PyGithub/PyGithub/blob/master/doc/changes.rst) - [Commits](https://github.com/pygithub/pygithub/compare/v1.55...v1.56) --- updated-dependencies: - dependency-name: pygithub dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update postgres:14.5-alpine Docker digest from 14.5 to 14.5-alpine (docker-compose.yml) (#6952) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Fix errors with risk acceptance filter (#6984) * Fix issues with Bugcrowd API parser not marking not_applicable/not_reproducible as inactive (#6974) * Update rabbitmq:3.11.0-alpine Docker digest from 3.11.0 to v (docker-compose.yml) (#6988) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update rabbitmq Docker tag from 3.11.0 to v3.11.1 (docker-compose.yml) (#6989) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump packageurl-python from 0.10.3 to 0.10.4 (#6997) Bumps [packageurl-python](https://github.com/package-url/packageurl-python) from 0.10.3 to 0.10.4. - [Release notes](https://github.com/package-url/packageurl-python/releases) - [Changelog](https://github.com/package-url/packageurl-python/blob/main/CHANGELOG.rst) - [Commits](https://github.com/package-url/packageurl-python/compare/v0.10.3...v0.10.4) --- updated-dependencies: - dependency-name: packageurl-python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sqlalchemy from 1.4.41 to 1.4.42 (#6996) Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.41 to 1.4.42. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update rabbitmq:3.11.1-alpine Docker digest from 3.11.1 to 3.11.1-alpine (docker-compose.yml) (#6993) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update release-drafter/release-drafter action from v5.21.0 to v5.21.1 (.github/workflows/release-drafter.yml) (#7000) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Parse Veracode library_id for SCA to get the maven component name (#6995) * Enable filtering Findings on steps_to_reproduce (#6970) * Bump python from 3.8.14-slim-bullseye to 3.8.15-slim-bullseye (#6998) Bumps python from 3.8.14-slim-bullseye to 3.8.15-slim-bullseye. --- updated-dependencies: - dependency-name: python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update asset and findings retrieval for Cobalt API parser (#7005) Update the Cobalt API parser's `CobaltAPI` client to fetch the maximum allowed number of findings and assets. * Update tj-actions/changed-files action from v32 to v33 (.github/workflows/submodule-update.yml) (#7014) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update rabbitmq Docker tag from 3.11.1 to v3.11.2 (docker-compose.yml) (#7008) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * [FIX] Issues on disconnection and connection using Social Auth (#6066) * [FIX] Issues on disconnection and connection using OAuth Fix two issues: - When disconnecting using OAuth and "SHOW_LOGIN_FORM = False", as return URL is not /login and does not contains next parameter, an error 500 is trigerred. - When connecing using OAuth and "SHOW_LOGIN_FORM = False", message "You have logged out" is displayed after logging in. * Fixing Flake8 issues * Update package.json * Update __init__.py * Update views.py * Update pipeline.py * Update Chart.yaml * Update __init__.py * Update views.py * Update pipeline.py * Update pipeline.py * Update pipeline.py * Fix out of SLA time (#7017) * Add a HTML link in the references back to the Bugcrowd finding (#7018) * Bump boto3 from 1.24.55 to 1.25.0 (#7022) Bumps [boto3](https://github.com/boto/boto3) from 1.24.55 to 1.25.0. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](https://github.com/boto/boto3/compare/1.24.55...1.25.0) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update tj-actions/changed-files action from v33 to v34 (.github/workflows/submodule-update.yml) (#7026) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.32.0 to v1.33.0 (helm/defectdojo/values.yaml) (#7025) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump uwsgi from 2.0.20 to 2.0.21 (#7023) Bumps [uwsgi](https://github.com/unbit/uwsgi-docs) from 2.0.20 to 2.0.21. - [Release notes](https://github.com/unbit/uwsgi-docs/releases) - [Commits](https://github.com/unbit/uwsgi-docs/commits) --- updated-dependencies: - dependency-name: uwsgi dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update postgres:14.5-alpine Docker digest from 14.5 to v (docker-compose.yml) (#7024) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump google-auth-oauthlib from 0.5.3 to 0.6.0 (#7021) Bumps [google-auth-oauthlib](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib) from 0.5.3 to 0.6.0. - [Release notes](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python-oauthlib/blob/main/CHANGELOG.md) - [Commits](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib/compare/v0.5.3...v0.6.0) --- updated-dependencies: - dependency-name: google-auth-oauthlib dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update rabbitmq:3.11.2-alpine Docker digest from 3.11.2 to 3.11.2-alpine (docker-compose.yml) (#7020) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump nginx from 1.23.1-alpine to 1.23.2-alpine (#7019) Bumps nginx from 1.23.1-alpine to 1.23.2-alpine. --- updated-dependencies: - dependency-name: nginx dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update stefanzweifel/git-auto-commit-action action from v4.15.1 to v4.15.2 (.github/workflows/release-3-master-into-dev.yml) (#7016) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Add support for ZAP "XML with requests and responses" format (#7013) * Support ZAP XML with requests and responses Signed-off-by: Max Maass <[email protected]> * Update ZAP parser with final XMLplus format Signed-off-by: Max Maass <[email protected]> * Update ZAP parser docs Signed-off-by: Max Maass <[email protected]> Signed-off-by: Max Maass <[email protected]> * Bump pyjwt from 2.5.0 to 2.6.0 (#7010) Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.5.0 to 2.6.0. - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](https://github.com/jpadilla/pyjwt/commits) --- updated-dependencies: - dependency-name: pyjwt dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update mysql:5.7.40 Docker digest from 5.7.40 to v (docker-compose.yml) (#7007) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump pytz from 2022.4 to 2022.5 (#7003) Bumps [pytz](https://github.com/stub42/pytz) from 2022.4 to 2022.5. - [Release notes](https://github.com/stub42/pytz/releases) - [Commits](https://github.com/stub42/pytz/compare/release_2022.4...release_2022.5) --- updated-dependencies: - dependency-name: pytz dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Don't save vulnerability Ids on a re-import if they're already defined for the finding (#7012) * Bump gitpython from 3.1.28 to 3.1.29 (#6966) Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.28 to 3.1.29. - [Release notes](https://github.com/gitpython-developers/GitPython/releases) - [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES) - [Commits](https://github.com/gitpython-developers/GitPython/compare/3.1.28...3.1.29) --- updated-dependencies: - dependency-name: gitpython dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add the ability to only create finding groups when you have more than one finding in the group (#6916) * Bump google-auth from 2.12.0 to 2.13.0 (#7004) Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.12.0 to 2.13.0. - [Release notes](https://github.com/googleapis/google-auth-library-python/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-auth-library-python/compare/v2.12.0...v2.13.0) --- updated-dependencies: - dependency-name: google-auth dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update postgres Docker tag from 14.5 to v15 (docker-compose.yml) (#6994) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump google-api-python-client from 2.64.0 to 2.65.0 (#7006) Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.64.0 to 2.65.0. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.64.0...v2.65.0) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Endpoint_Status: Optimize DB (remove redundancy) (#6193) * Endpoint_Status: Optimize DB (remove redundancy) * small changes in comments * Fix importers, add TODOs * Fix migrations - rebase * Fix fixtures * add findings to Endpoint * consolidate models.py * fix alternative names for endpoint_status diff --git a/dojo/api_v2/views.py b/dojo/api_v2/views.py index 592b6bb16..83c5fc5bc 100644 --- a/dojo/api_v2/views.py +++ b/dojo/api_v2/views.py @@ -507,7 +507,7 @@ class FindingViewSet(prefetch.PrefetchListMixin, 'finding_group_set', 'files', 'burprawrequestresponse_set', - 'endpoint_status', + 'status_finding', 'finding_meta', 'test__test_type', 'test__engagement', @@ -1757,7 +1757,7 @@ class TestImportViewSet(prefetch.PrefetchListMixin, 'test_import_finding_action_set', 'findings_affected', 'findings_affected__endpoints', - 'findings_affected__endpoint_status', + 'findings_affected__status_finding', 'findings_affected__finding_meta', 'findings_affected__jira_issue', 'findings_affected__burprawrequestresponse_set', diff --git a/dojo/endpoint/views.py b/dojo/endpoint/views.py index 4bfb0805e..dd239751a 100644 --- a/dojo/endpoint/views.py +++ b/dojo/endpoint/views.py @@ -32,10 +32,17 @@ logger = logging.getLogger(__name__) def process_endpoints_view(request, host_view=False, vulnerable=False): if vulnerable: - endpoints = Endpoint.objects.filter(finding__active=True, finding__verified=True, finding__fals…
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implements #6620
Needs testing too