Merge pull request DefectDojo#11187 from DefectDojo/bugfix
Release 2.40.0: Merge Bugfix into Dev
rossops authored Nov 4, 2024
2 parents 2171d67 + 9273050 commit c654252
Showing 17 changed files with 527 additions and 271 deletions.
259 changes: 15 additions & 244 deletions docs/assets/icons/logo.svg
6 changes: 6 additions & 0 deletions docs/config.dev.toml
Expand Up @@ -77,6 +77,12 @@ weight = 1
pre = "<i class='fab fa-github'></i>"
url = "https://github.com/DefectDojo/django-DefectDojo"

[[menu.main]]
name = "Knowledge Base"
weight = 50
pre = "<i class='fas fa-atlas'></i>"
url = "https://support.defectdojo.com"

[markup]
[markup.goldmark]
[markup.goldmark.renderer]
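Review bot: this `[[menu.main]]` block is added verbatim to docs/config.master.toml in the same commit; if the two Hugo configs are meant to stay in lockstep, keep shared menu entries in one file that both configs pull in, or at least leave a comment in each that the other must be updated alongside it. Also confirm that the `fas fa-atlas` icon class exists in the Font Awesome version the docs theme loads, since an unknown class renders no icon and fails silently.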
6 changes: 6 additions & 0 deletions docs/config.master.toml
Expand Up @@ -77,6 +77,12 @@ weight = 1
pre = "<i class='fab fa-github'></i>"
url = "https://github.com/DefectDojo/django-DefectDojo"

[[menu.main]]
name = "Knowledge Base"
weight = 50
pre = "<i class='fas fa-atlas'></i>"
url = "https://support.defectdojo.com"

[markup]
[markup.goldmark]
[markup.goldmark.renderer]
16 changes: 14 additions & 2 deletions docs/content/en/contributing/how-to-write-a-parser.md
Expand Up @@ -16,9 +16,9 @@ All commands assume that you're located at the root of the django-DefectDojo clo
- It's advised that you create a dedicated branch for your development, such as `git checkout -b parser-name`.

It is easiest to use the docker compose deployment as it has hot-reload capbility for uWSGI.
Set up your environment to use the debug environment:
Set up your environment to use the dev environment:

`$ docker/setEnv.sh debug`
`$ docker/setEnv.sh dev`

Please have a look at [DOCKER.md](https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/DOCKER.md) for more details.

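Review bot: since this paragraph is being edited anyway, fix the typo in the unchanged line above the change: `capbility` should read `capability`. It would also help to state in one sentence what the `dev` profile of `docker/setEnv.sh` enables (the uWSGI hot reload the previous sentence mentions) and that it replaces the former `debug` target, so a contributor on an older checkout where only `debug` exists knows which one to use.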
Expand Down Expand Up @@ -294,12 +294,24 @@ This local command will launch the unit test for your new parser
$ docker compose exec uwsgi bash -c 'python manage.py test unittests.tools.<your_unittest_py_file>.<main_class_name> -v2'
{{< /highlight >}}

or like this:

{{< highlight bash >}}
$ ./dc-unittest.sh --test-case unittests.tools.<your_unittest_py_file>.<main_class_name>
{{< /highlight >}}

Example for the blackduck hub parser:

{{< highlight bash >}}
$ docker compose exec uwsgi bash -c 'python manage.py test unittests.tools.test_blackduck_csv_parser.TestBlackduckHubParser -v2'
{{< /highlight >}}

or like this:

{{< highlight bash >}}
$ ./dc-unittest.sh --test-case unittests.tools.test_blackduck_csv_parser.TestBlackduckHubParser
{{< /highlight >}}

{{% alert title="Information" color="info" %}}
If you want to run all unit tests, simply run `$ docker compose exec uwsgi bash -c 'python manage.py test unittests -v2'`
{{% /alert %}}
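Review bot: the `dc-unittest.sh` alternative is now shown twice, once after the generic command and again after the Blackduck example, so the four code blocks say the same thing twice; show both runners once in generic form and then one Blackduck example. The new `./dc-unittest.sh --test-case ...` line also needs a sentence on what the script assumes, presumably that it wraps the `docker compose exec uwsgi ... manage.py test` call above and therefore needs the compose stack to be running. The info alert at the end still shows only the `docker compose exec` form for running the whole suite; add the script equivalent if it supports one.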
4 changes: 2 additions & 2 deletions docs/content/en/getting_started/installation.md
Expand Up @@ -14,11 +14,11 @@ See instructions in [DOCKER.md](<https://github.com/DefectDojo/django-DefectDojo

### SaaS (Includes Support & Supports the Project)

[SaaS link](https://www.defectdojo.com/pricing)
[SaaS link](https://defectdojo.com/platform)

### AWS AMI (Supports the Project)

[Marketplace link](https://aws.amazon.com/marketplace/pp/prodview-m2a25gr67xbzk), and complete [walkthrough](https://www.10security.com/defectdojo-aws-launch-guide)
[Marketplace link](https://aws.amazon.com/marketplace/pp/prodview-m2a25gr67xbzk), and complete [walkthrough](https://defectdojo.com/defectdojo-aws-launch-guide)

---
## **Options for the brave (not officially supported)**
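Review bot: the link texts `SaaS link` and `Marketplace link` say nothing about their targets; with the SaaS destination changed from `/pricing` to `/platform`, use descriptive text such as `DefectDojo SaaS offering` and verify that the new page still states the offering includes support, since the heading promises it. The walkthrough URL moves from 10security.com to defectdojo.com, so check that no other doc page or README still links to the old host.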
7 changes: 7 additions & 0 deletions dojo/api_v2/serializers.py
Expand Up @@ -2257,6 +2257,13 @@ def setup_common_context(self, data: dict) -> dict:
if context.get("scan_date")
else None
)

# engagement end date was not being used at all and so target_end would also turn into None
# in this case, do not want to change target_end unless engagement_end exists
eng_end_date = context.get("engagement_end_date", None)
if eng_end_date:
context["target_end"] = context.get("engagement_end_date")

return context


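Review bot: `context["target_end"] = context.get("engagement_end_date")` re-reads the dictionary after `eng_end_date` has already been fetched; assign `eng_end_date` directly, and drop the redundant `None` default in `context.get("engagement_end_date", None)`. The comment describes the old bug rather than the rule; say plainly that `target_end` keeps its existing value unless the caller supplied `engagement_end_date`, and add a unit test for both the supplied and the absent case so the regression cannot come back. The `scan_date` handling just above goes through a conversion step, so also confirm `engagement_end_date` reaches this point as a date object and not as the raw request string.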
2 changes: 1 addition & 1 deletion dojo/settings/.settings.dist.py.sha256sum
@@ -1 +1 @@
39cdd5dfe53499bfe201d3e5a0f55b20514272235e86db7d5238f2663b79f946
6b9365d002880ae64ab54da905ede076db5a8661960f8f1e2793b7f4d25ff7e8
3 changes: 2 additions & 1 deletion dojo/settings/settings.dist.py
Expand Up @@ -276,7 +276,7 @@
DD_DELETE_PREVIEW=(bool, True),
# List of acceptable file types that can be uploaded to a given object via arbitrary file upload
DD_FILE_UPLOAD_TYPES=(list, [".txt", ".pdf", ".json", ".xml", ".csv", ".yml", ".png", ".jpeg",
".sarif", ".xlsx", ".doc", ".html", ".js", ".nessus", ".zip"]),
".sarif", ".xlsx", ".doc", ".html", ".js", ".nessus", ".zip", ".fpr"]),
# Max file size for scan added via API in MB
DD_SCAN_FILE_MAX_SIZE=(int, 100),
# When disabled, existing user tokens will not be removed but it will not be
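Review bot: `DD_FILE_UPLOAD_TYPES` is an extension allow-list and the comment says it governs arbitrary file upload, so adding `.fpr` trusts the extension alone. A Fortify `.fpr` is a ZIP container, which is why it belongs alongside `.zip` rather than with the plain-text types, and any archive handling limits applied to `.zip` uploads (size, member count) should apply to it as well. Document the new accepted type in the user-facing upload docs, and note in the release notes that operators who override `DD_FILE_UPLOAD_TYPES` in their own environment will not pick up the addition automatically.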
Expand Down Expand Up @@ -1742,6 +1742,7 @@ def saml2_attrib_map_format(dict):
"USN": "https://ubuntu.com/security/notices/", # e.g. https://ubuntu.com/security/notices/USN-6642-1
"DLA": "https://security-tracker.debian.org/tracker/", # e.g. https://security-tracker.debian.org/tracker/DLA-3917-1
"ELSA": "https://linux.oracle.com/errata/&&.html", # e.g. https://linux.oracle.com/errata/ELSA-2024-12714.html
"ELBA": "https://linux.oracle.com/errata/&&.html", # e.g. https://linux.oracle.com/errata/ELBA-2024-7457.html
"RXSA": "https://errata.rockylinux.org/", # e.g. https://errata.rockylinux.org/RXSA-2024:4928
}
# List of acceptable file types that can be uploaded to a given object via arbitrary file upload
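Review bot: `ELBA` is Oracle's bug-fix advisory prefix, as `ELSA` is its security advisory prefix, so the mapping is correct; since both entries share the `https://linux.oracle.com/errata/&&.html` pattern, a single template for the two would avoid the duplication. Separately, the trailing context line of this hunk repeats the `# List of acceptable file types that can be uploaded to a given object via arbitrary file upload` comment that introduces `DD_FILE_UPLOAD_TYPES` near line 278; if a second copy of that setting lives here, the `.fpr` addition above has to be mirrored or the two will drift.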
3 changes: 3 additions & 0 deletions dojo/tools/tenable/csv_format.py
Expand Up @@ -103,6 +103,9 @@ def get_findings(self, filename: str, test: Test):
mitigation = str(row.get("Solution", row.get("definition.solution", row.get("Steps to Remediate", "N/A"))))
impact = row.get("Description", row.get("definition.description", "N/A"))
references = row.get("See Also", row.get("definition.see_also", "N/A"))
references += "\nTenable Plugin ID: " + row.get("Plugin", "N/A")
references += "\nPlugin Publication Date: " + row.get("Plugin Publication Date", "N/A")
references += "\nPlugin Modification Date: " + row.get("Plugin Modification Date", "N/A")
# Determine if the current row has already been processed
dupe_key = (
severity
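Review bot: the three new `references +=` lines break two conventions the surrounding code keeps. First, every other field is read with a fallback for the second column naming (`definition.solution`, `definition.description`, `definition.see_also`), but `Plugin`, `Plugin Publication Date` and `Plugin Modification Date` have no `definition.*` fallback, so exports in that format will always print `N/A` for all three. Second, `mitigation` is wrapped in `str()` while these are not; `csv.DictReader` yields `None` for a short row, and `"..." + None` raises `TypeError`, so wrap each value in `str()`. Note also that when `See Also` is absent `references` starts as the literal `"N/A"` with the plugin metadata appended after it; building the string from a list of the parts that are present and joining them reads better.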
14 changes: 13 additions & 1 deletion dojo/tools/trivy_operator/checks_handler.py
Expand Up @@ -10,8 +10,15 @@


class TrivyChecksHandler:
def handle_checks(self, service, checks, test):
def handle_checks(self, labels, checks, test):
findings = []
resource_namespace = labels.get("trivy-operator.resource.namespace", "")
resource_kind = labels.get("trivy-operator.resource.kind", "")
resource_name = labels.get("trivy-operator.resource.name", "")
container_name = labels.get("trivy-operator.container.name", "")
service = f"{resource_namespace}/{resource_kind}/{resource_name}"
if container_name != "":
service = f"{service}/{container_name}"
for check in checks:
check_title = check.get("title")
check_severity = TRIVY_SEVERITIES[check.get("severity")]
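Review bot: the seven lines deriving `service` from the `trivy-operator.*` labels are copied into this handler, `secrets_handler.py` and `vulnerability_handler.py` in the same commit; put one helper such as `service_from_labels(labels)` next to the handlers and call it from all three, otherwise the copies will drift. A single helper is also where a `labels is None` guard belongs: `labels.get` raises `AttributeError` if a report's metadata carries no labels, and the lines in `parser.py` that extract `labels` are not part of this diff, so it is unclear whether that case is already handled upstream.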
Expand All @@ -23,6 +30,10 @@ def handle_checks(self, service, checks, test):
+ check_id.lower()
)
check_description = check.get("description", "")
check_description += "\n**container.name:** " + container_name
check_description += "\n**resource.kind:** " + resource_kind
check_description += "\n**resource.name:** " + resource_name
check_description += "\n**resource.namespace:** " + resource_namespace
title = f"{check_id} - {check_title}"
finding = Finding(
test=test,
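Review bot: `check_description += "\n**container.name:** " + container_name` is appended unconditionally, so for resources scanned without a container (the `service` string above only adds the container segment when `container_name != ""`) the description ends with an empty `container.name` line; apply the same guard here. Because all four lines are now appended to every finding, also check whether `description` participates in this parser's deduplication hash; if it does, every existing Trivy Operator finding will be re-created on the next import and the change needs a release note.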
Expand All @@ -33,6 +44,7 @@ def handle_checks(self, service, checks, test):
static_finding=True,
dynamic_finding=False,
service=service,
tags=[resource_namespace],
)
if check_id:
finding.unsaved_vulnerability_ids = [check_id]
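Review bot: `tags=[resource_namespace]` yields a tag that is the empty string whenever the namespace label is missing and `resource_namespace` falls back to `""` above; use `tags=[resource_namespace] if resource_namespace else []`. A bare namespace name is also easy to confuse with other tags on the same product; a prefixed form such as `namespace:<name>` is self-describing when findings from several clusters land in one product.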
23 changes: 11 additions & 12 deletions dojo/tools/trivy_operator/parser.py
Expand Up @@ -25,7 +25,15 @@ def get_findings(self, scan_file, test):
data = json.loads(str(scan_data, "utf-8"))
except Exception:
data = json.loads(scan_data)
findings = []
if type(data) is list:
for listitems in data:
findings += self.output_findings(listitems, test)
else:
findings += self.output_findings(data, test)
return findings

def output_findings(self, data, test):
if data is None:
return []
metadata = data.get("metadata", None)
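Review bot: `type(data) is list` should be `isinstance(data, list)`, which is the idiomatic check and also accepts list subclasses, and the loop variable `listitems` holds a single report, so name it `report` or `item`. Since `output_findings` returns `[]` for `None`, the list branch silently skips `null` entries in the array; that is probably the intended behaviour but deserves a comment. The pre-existing `except Exception` above the new code also masks the first JSON error and surfaces only the error from the fallback `json.loads(scan_data)`, which makes malformed uploads harder to diagnose; narrowing it to the decode error the `str(scan_data, "utf-8")` call can raise would be a good follow-up.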
Expand All @@ -40,24 +48,15 @@ def get_findings(self, scan_file, test):
benchmarkreport = benchmark.get("detailReport", None)
findings = []
if report is not None:
resource_namespace = labels.get(
"trivy-operator.resource.namespace", "",
)
resource_kind = labels.get("trivy-operator.resource.kind", "")
resource_name = labels.get("trivy-operator.resource.name", "")
container_name = labels.get("trivy-operator.container.name", "")
service = f"{resource_namespace}/{resource_kind}/{resource_name}"
if container_name != "":
service = f"{service}/{container_name}"
vulnerabilities = report.get("vulnerabilities", None)
if vulnerabilities is not None:
findings += TrivyVulnerabilityHandler().handle_vulns(service, vulnerabilities, test)
findings += TrivyVulnerabilityHandler().handle_vulns(labels, vulnerabilities, test)
checks = report.get("checks", None)
if checks is not None:
findings += TrivyChecksHandler().handle_checks(service, checks, test)
findings += TrivyChecksHandler().handle_checks(labels, checks, test)
secrets = report.get("secrets", None)
if secrets is not None:
findings += TrivySecretsHandler().handle_secrets(service, secrets, test)
findings += TrivySecretsHandler().handle_secrets(labels, secrets, test)
elif benchmarkreport is not None:
findings += TrivyComplianceHandler().handle_compliance(benchmarkreport, test)
return findings
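Review bot: after this change the vulnerability, checks and secrets handlers each receive `labels` and rebuild the same `service` string that the removed lines used to build once here, while the `elif` branch still calls `TrivyComplianceHandler().handle_compliance(benchmarkreport, test)` without `labels`, so compliance findings get neither the `service` nor the namespace tag the other three now carry. Either pass `labels` there too or state in the PR why compliance reports are exempt. Keeping the one-time derivation here and passing both `labels` and `service` to the handlers would also avoid the triplicated code.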
15 changes: 13 additions & 2 deletions dojo/tools/trivy_operator/secrets_handler.py
Expand Up @@ -15,8 +15,15 @@


class TrivySecretsHandler:
def handle_secrets(self, service, secrets, test):
def handle_secrets(self, labels, secrets, test):
findings = []
resource_namespace = labels.get("trivy-operator.resource.namespace", "")
resource_kind = labels.get("trivy-operator.resource.kind", "")
resource_name = labels.get("trivy-operator.resource.name", "")
container_name = labels.get("trivy-operator.container.name", "")
service = f"{resource_namespace}/{resource_kind}/{resource_name}"
if container_name != "":
service = f"{service}/{container_name}"
for secret in secrets:
secret_title = secret.get("title")
secret_category = secret.get("category")
Expand All @@ -31,7 +38,10 @@ def handle_secrets(self, service, secrets, test):
category=secret_category,
match=secret_match,
)

secret_description += "\n**container.name:** " + container_name
secret_description += "\n**resource.kind:** " + resource_kind
secret_description += "\n**resource.name:** " + resource_name
secret_description += "\n**resource.namespace:** " + resource_namespace
finding = Finding(
test=test,
title=title,
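Review bot: the `**container.name:**` line is appended even when `container_name` is `""`, which the `service` construction at the top of `handle_secrets` explicitly avoids; guard it the same way. `secret_description` is built from a template that already embeds `match`, the matched secret fragment, so consider placing the resource metadata before the template output rather than after it, which keeps the sensitive value at the end where list views are most likely to truncate it.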
Expand All @@ -42,6 +52,7 @@ def handle_secrets(self, service, secrets, test):
static_finding=True,
dynamic_finding=False,
service=service,
tags=[resource_namespace],
)
if secret_rule_id:
finding.unsaved_vulnerability_ids = [secret_rule_id]
17 changes: 13 additions & 4 deletions dojo/tools/trivy_operator/vulnerability_handler.py
Expand Up @@ -14,8 +14,15 @@


class TrivyVulnerabilityHandler:
def handle_vulns(self, service, vulnerabilities, test):
def handle_vulns(self, labels, vulnerabilities, test):
findings = []
resource_namespace = labels.get("trivy-operator.resource.namespace", "")
resource_kind = labels.get("trivy-operator.resource.kind", "")
resource_name = labels.get("trivy-operator.resource.name", "")
container_name = labels.get("trivy-operator.container.name", "")
service = f"{resource_namespace}/{resource_kind}/{resource_name}"
if container_name != "":
service = f"{service}/{container_name}"
for vulnerability in vulnerabilities:
vuln_id = vulnerability.get("vulnerabilityID", "0")
severity = TRIVY_SEVERITIES[vulnerability.get("severity")]
Expand All @@ -24,8 +31,7 @@ def handle_vulns(self, service, vulnerabilities, test):
package_name = vulnerability.get("resource")
package_version = vulnerability.get("installedVersion")
cvssv3_score = vulnerability.get("score")

finding_tags = []
finding_tags = [resource_namespace]
target_target = None
target_class = None
package_path = None
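Review bot: `finding_tags = [resource_namespace]` seeds the tag list with `""` whenever the namespace label is missing, because the `.get` above defaults to `""`; start from `[]` and append only when `resource_namespace` is non-empty. The original `finding_tags = []` implies the list is filled in further down, so an empty first element would be saved as an empty tag alongside the real ones. The removed blank line separated the parsed package fields from the tag and target setup; keeping it helps readability.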
Expand Down Expand Up @@ -57,7 +63,10 @@ def handle_vulns(self, service, vulnerabilities, test):
description = DESCRIPTION_TEMPLATE.format(
title=vulnerability.get("title"), fixed_version=mitigation,
)

description += "\n**container.name:** " + container_name
description += "\n**resource.kind:** " + resource_kind
description += "\n**resource.name:** " + resource_name
description += "\n**resource.namespace:** " + resource_namespace
title = f"{vuln_id} {package_name} {package_version}"
finding = Finding(
test=test,
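Review bot: `DESCRIPTION_TEMPLATE` already formats `title` and `fixed_version`; appending the four `description +=` lines outside it splits the description layout between the template constant and this loop. Extend the template with the new fields (with the container line optional) so the format lives in one place, and guard the `container.name` line the way the `service` construction at the top of `handle_vulns` does, otherwise findings without a container label end with an empty `**container.name:**` entry.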
2 changes: 1 addition & 1 deletion helm/defectdojo/templates/configmap.yaml
Expand Up @@ -18,7 +18,7 @@ data:
DD_CELERY_BROKER_SCHEME: {{ if eq .Values.celery.broker "redis" }}{{ template "redis.scheme" . }}{{ end }}
DD_CELERY_BROKER_USER: ''
DD_CELERY_BROKER_HOST: {{ if eq .Values.celery.broker "redis" }}{{ template "redis.hostname" . }}{{ end }}
DD_CELERY_BROKER_PORT: '{{ if eq .Values.celery.broker "redis" }}{{ .Values.redis.master.service.ports.redis | default "6379" }}{{ end }}'
DD_CELERY_BROKER_PORT: '{{ if eq .Values.celery.broker "redis" }}{{- if ( hasKey .Values.redis "master" ) -}}{{ .Values.redis.master.service.ports.redis }}{{ else }}6379{{ end }}{{- end -}}'
DD_CELERY_BROKER_PARAMS: '{{ if eq .Values.celery.broker "redis" }}{{- if .Values.redis.transportEncryption.enabled -}}{{ .Values.redis.transportEncryption.params | default "ssl_cert_reqs=optional" }}{{ end }}{{ end }}'
DD_CELERY_BROKER_PATH: '{{ .Values.celery.path | default "//" }}'
DD_CELERY_LOG_LEVEL: {{ .Values.celery.logLevel }}
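Review bot: dropping `| default "6379"` from the `master` branch is a regression: when `.Values.redis.master` exists but `service.ports.redis` is unset, or `service` itself is absent, `.Values.redis.master.service.ports.redis` now renders an empty port or fails with a nil pointer evaluation instead of falling back to 6379 as before. Keep the default inside the branch, e.g. `{{- if hasKey .Values.redis "master" -}}{{ .Values.redis.master.service.ports.redis | default "6379" }}{{- else -}}6379{{- end -}}`, or, if the chart's minimum Helm version ships Sprig's `dig`, use `dig "master" "service" "ports" "redis" "6379" .Values.redis`, which handles every missing level in one call. Also add a values comment or a chart test case for the external-Redis layout without a `master` key that motivated this change.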

0 comments on commit c654252