Merge pull request DefectDojo#9986 from DefectDojo/release/2.33.5

Release: Merge release into master from: release/2.33.5
hblankenship · Apr 22, 2024 · 5f5fe08 · 5f5fe08
2 parents 9605218 + 3f34e6f
commit 5f5fe08
Show file tree

Hide file tree

Showing 9 changed files with 351 additions and 9 deletions.
diff --git a/components/package.json b/components/package.json
@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.33.4",
+  "version": "2.33.5",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

diff --git a/dojo/__init__.py b/dojo/__init__.py
@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa: F401
 
-__version__ = '2.33.4'
+__version__ = '2.33.5'
 __url__ = 'https://github.com/DefectDojo/django-DefectDojo'
 __docs__ = 'https://documentation.defectdojo.com'
diff --git a/dojo/remote_user.py b/dojo/remote_user.py
@@ -98,4 +98,13 @@ class RemoteUserScheme(OpenApiAuthenticationExtension):
     priority = 1
 
     def get_security_definition(self, auto_schema):
-        return settings.SWAGGER_SETTINGS['SECURITY_DEFINITIONS']['remoteUserAuth']
+        header_name = settings.AUTH_REMOTEUSER_USERNAME_HEADER
+        if header_name.startswith('HTTP_'):
+            header_name = header_name[5:]
+        header_name = header_name.replace('_', '-').capitalize()
+
+        return {
+            'type': 'apiKey',
+            'in': 'header',
+            'name': header_name,
+        }
diff --git a/dojo/templates/dojo/snippets/engagement_list.html b/dojo/templates/dojo/snippets/engagement_list.html
@@ -45,7 +45,7 @@ <h4> {% if status == "open" %}Active{% elif status == "paused" %}Paused {% else
                     <th class="text-left">Date</th>
                     <th class="text-left">Length</th>
                     {% if system_settings.enable_jira %}
-                    <th class="text-center">JIRA</td>
+                    <th class="text-center">JIRA</th>
                     {% endif %}
                     <th class="text-center">Tests</th>
                     <th class="text-center">Active (Verified)</th>

diff --git a/dojo/tools/anchore_grype/parser.py b/dojo/tools/anchore_grype/parser.py
@@ -163,15 +163,15 @@ def get_findings(self, file, test):
                 finding.nb_occurences += 1
             else:
                 dupes[dupe_key] = Finding(
-                    title=finding_title,
-                    description=finding_description,
+                    title=finding_title.replace("\x00", ""),
+                    description=finding_description.replace("\x00", ""),
                     cwe=1352,
                     cvssv3=finding_cvss3,
                     severity=vuln_severity,
                     mitigation=finding_mitigation,
                     references=finding_references,
                     component_name=artifact_name,
-                    component_version=artifact_version,
+                    component_version=artifact_version.replace("\x00", ""),
                     vuln_id_from_tool=vuln_id,
                     tags=finding_tags,
                     static_finding=True,

diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: "2.33.4"
+appVersion: "2.33.5"
 description: A Helm chart for Kubernetes to install DefectDojo
 name: defectdojo
-version: 1.6.122
+version: 1.6.123
 icon: https://www.defectdojo.org/img/favicon.ico
 maintainers:
   - name: madchap

diff --git a/unittests/scans/anchore_grype/issue_9942.json b/unittests/scans/anchore_grype/issue_9942.json
diff --git a/unittests/test_remote_user.py b/unittests/test_remote_user.py
@@ -1,6 +1,7 @@
 from django.test import Client, override_settings
 from netaddr import IPSet
 from dojo.models import User, Dojo_Group, Dojo_Group_Member
+from dojo.remote_user import RemoteUserScheme
 from .dojo_test_case import DojoTestCase
 
 
@@ -193,3 +194,15 @@ def test_untrusted_proxy(self):
                                     )
         self.assertEqual(resp.status_code, 302)
         self.assertIn('Requested came from untrusted proxy', cm.output[0])
+
+    @override_settings(
+        AUTH_REMOTEUSER_ENABLED=True,
+        AUTH_REMOTEUSER_USERNAME_HEADER="HTTP_OUR_REMOTE_USER",
+    )
+    def test_api_schema(self):
+        security_definition = RemoteUserScheme.get_security_definition(None, None)
+        self.assertEqual(security_definition, {
+            "type": "apiKey",
+            "in": "header",
+            "name": "Our-remote-user",
+        })
diff --git a/unittests/tools/test_anchore_grype_parser.py b/unittests/tools/test_anchore_grype_parser.py
@@ -278,3 +278,10 @@ def test_grype_issue_9618(self):
         findings = parser.get_findings(testfile, Test())
         testfile.close()
         self.assertEqual(35, len(findings))
+
+    def test_grype_issue_9942(self):
+        testfile = open("unittests/scans/anchore_grype/issue_9942.json")
+        parser = AnchoreGrypeParser()
+        findings = parser.get_findings(testfile, Test())
+        testfile.close()
+        self.assertEqual(1, len(findings))