Merge pull request #10677 from DefectDojo/bugfix

Bugfix -> Dev for 2.37.0

Author: Maffooch

dojo/filters.py

@@ -2886,6 +2886,17 @@ class ReportFindingFilterHelper(FilterSet):
     outside_of_sla = FindingSLAFilter(label="Outside of SLA")
     file_path = CharFilter(lookup_expr="icontains")
 
+    o = OrderingFilter(
+        fields=(
+            ("title", "title"),
+            ("date", "date"),
+            ("numerical_severity", "numerical_severity"),
+            ("epss_score", "epss_score"),
+            ("epss_percentile", "epss_percentile"),
+            ("test__engagement__product__name", "test__engagement__product__name"),
+        ),
+    )
+
     class Meta:
         model = Finding
         # exclude sonarqube issue as by default it will show all without checking permissions

dojo/reports/views.py

@@ -175,7 +175,7 @@ def report_findings(request):
     title_words = get_words_for_field(Finding, "title")
     component_words = get_words_for_field(Finding, "component_name")
 
-    paged_findings = get_page_items(request, findings.qs.distinct().order_by("numerical_severity"), 25)
+    paged_findings = get_page_items(request, findings.qs.distinct(), 25)
 
     return render(request,
                   "dojo/report_findings.html",

dojo/templates/dojo/report_builder.html

@@ -272,52 +272,73 @@ <h4>Available Widgets</h4>
                     .selectpicker('render');
             }
 
-            $(document).on('submit', 'form.finding-list', function (event) {
-                var form = this;
-                $.get("{% url 'report_findings' %}?" + $(this).serialize()).done(function (data) {
+            // Retrieves (report) data at the given url and inserts it as HTMl into $targetEl, and configures filters
+            // on the returned data.
+            function retrieveReportData(url, $targetEl) {
+                $.get(url).done(function (data) {
                     filterFieldInit(
-                        $(form).closest('li.finding-list').html(data)
+                        $targetEl.html(data)
                     );
                     setUpFindingFilters();
                 });
+            }
+
+            // --------
+            // Findings
+            // --------
 
+            // "Apply Filters"
+            $(document).on('submit', 'form.finding-list', function (event) {
+                const $form = $(this);
                 event.preventDefault();
+                retrieveReportData(
+                    "{% url 'report_findings' %}?" + $form.serialize(),
+                    $form.closest('li.finding-list')
+                );
             });
 
-            $(document).on('click', 'form.finding-list a.clear.centered, div.finding-pagination a', function (event) {
-                $.get("{% url 'report_findings' %}").done(function (data) {
-                    filterFieldInit(
-                        $('div.in-use-widgets li.finding-list').html(data)
-                    );
-                    setUpFindingFilters();
-                });
+            // "Clear filters"
+            $(document).on('click', 'form.finding-list a.clear.centered', function (event) {
+                const $a = $(this);
+                event.preventDefault();
+                retrieveReportData("{% url 'report_findings' %}", $a.closest('li.finding-list'));
+            });
 
+            // Sort/order columns and Pagination
+            $(document).on('click', 'li.finding-list th a, div.finding-pagination a', function (event) {
+                const $a = $(this);
                 event.preventDefault();
+                retrieveReportData("{% url 'report_findings' %}" + $a.attr('href'), $a.closest('li.finding-list'));
             });
 
-            $(document).on('submit', 'form.endpoint-list', function (event) {
-                var form = this;
-                $.get("{% url 'report_endpoints' %}?" + $(this).serialize()).done(function (data) {
-                    filterFieldInit(
-                        $(form).closest('li.endpoint-list').html(data)
-                    );
-                    setUpFindingFilters();
-                });
+            /// --------
+            // Endpoints
+            // ---------
 
+            // "Apply filters"
+            $(document).on('submit', 'form.endpoint-list', function (event) {
+                const $form = $(this);
                 event.preventDefault();
+                retrieveReportData(
+                    "{% url 'report_endpoints' %}?" + $form.serialize(),
+                    $form.closest('li.endpoint-list')
+                );
             });
 
-            $(document).on('click', 'form.endpoint-list a.clear.centered, div.endpoint-pagination a', function (event) {
-                $.get("{% url 'report_endpoints' %}").done(function (data) {
-                    filterFieldInit(
-                        $('div.in-use-widgets li.endpoint-list').html(data)
-                    );
-                    setUpFindingFilters();
-                });
-
+            // "Clear filters"
+            $(document).on('click', 'form.endpoint-list a.clear.centered', function (event) {
+                const $a = $(this);
                 event.preventDefault();
+                retrieveReportData("{% url 'report_endpoints' %}", $a.closest('li.endpoint-list'));
             });
 
+            // Pagination
+            $(document).on('click', 'div.endpoint-pagination a', function (event) {
+                const $a = $(this);
+                event.preventDefault();
+                retrieveReportData("{% url 'report_endpoints' %}" + $a.attr('href'), $a.closest('li.endpoint-list'));
+            })
+
             $('[data-toggle="tooltip"]').tooltip()
 
             $(document).on('click', '.in-use-widgets .panel-available-widget .panel-heading', function (event) {

dojo/templates/dojo/report_endpoints.html

@@ -47,8 +47,8 @@ <h6>Filters</h6>
                     </tbody>
                 </table>
             </div>
-            <div class="clearfix">
-                {% include "dojo/paging_snippet.html" with page=findings page_size=False %}
+            <div class="clearfix endpoint-pagination">
+                {% include "dojo/paging_snippet.html" with page=endpoints page_size=False %}
             </div>
 
         {% endif %}

dojo/templates/dojo/report_findings.html

@@ -62,7 +62,7 @@ <h6>Filters</h6>
                     </tbody>
                 </table>
             </div>
-            <div class="clearfix">
+            <div class="clearfix finding-pagination">
                 {% include "dojo/paging_snippet.html" with page=findings page_size=False %}
             </div>
 

dojo/templates/dojo/view_group.html

@@ -3,7 +3,7 @@
 {% load authorization_tags %}
 
 {% block content %}
-<h3 id="id_heading"> Group {{ group.name }}</h3>
+<h3 id="id_heading"> Group: {{ group.name }}</h3>
 <div class="row">
     <div id="tests" class="col-md-8">
         <div class="panel panel-default">
@@ -43,7 +43,7 @@ <h3 class="pull-left">Description</h3>
         <div class="panel panel-default">
             <div class="panel-heading">
                 <div class="clearfix">
-                    <h4 class="pull-left">Members</h4>
+                    <h4 class="pull-left">Members of this Group</h4>
                     &nbsp;
                     <a href="https://documentation.defectdojo.com/usage/permissions/#groups" target="_blank">
                         <i class="fa-solid fa-circle-question"></i></a>
@@ -72,7 +72,7 @@ <h4 class="pull-left">Members</h4>
                     <tr>
                         <th label="Actions"></th>
                         <th>User</th>
-                        <th>Group role</th>
+                        <th>Role in this Group</th>
                     </tr>
                     </thead>
                     <tbody>
@@ -108,15 +108,15 @@ <h4 class="pull-left">Members</h4>
             </div>
             {% else %}
             <div class="panel-body">
-                <small class="text-muted"><em>No members found.</em></small>
+                <small class="text-muted"><em>This Group has no members.</em></small>
             </div>
             {% endif %}
         </div>
 
         <div class="panel panel-default">
             <div class="panel-heading">
                 <div class="clearfix">
-                    <h4 class="pull-left">Product Type Groups</h4>
+                    <h4 class="pull-left">Product Types this Group can access</h4>
                     &nbsp;
                     <a href="https://documentation.defectdojo.com/usage/permissions/" target="_blank">
                         <i class="fa-solid fa-circle-question"></i></a>
@@ -182,15 +182,15 @@ <h4 class="pull-left">Product Type Groups</h4>
             </div>
             {% else %}
             <div class="panel-body">
-                <small class="text-muted"><em>No product type groups found.</em></small>
+                <small class="text-muted"><em>This Group cannot access any Product Types.</em></small>
             </div>
             {% endif %}
         </div>
 
         <div class="panel panel-default">
             <div class="panel-heading">
                 <div class="clearfix">
-                    <h4 class="pull-left">Product Groups</h4>
+                    <h4 class="pull-left">Products this Group can access</h4>
                     &nbsp;
                     <a href="https://documentation.defectdojo.com/usage/permissions/" target="_blank">
                         <i class="fa-solid fa-circle-question"></i></a>
@@ -256,7 +256,7 @@ <h4 class="pull-left">Product Groups</h4>
             </div>
             {% else %}
             <div class="panel-body">
-                <small class="text-muted"><em>No product groups found.</em></small>
+                <small class="text-muted"><em>This Group cannot access any Products.</em></small>
             </div>
             {% endif %}
         </div>

dojo/templates/dojo/view_user.html

@@ -5,7 +5,7 @@
 
 {% block content %}
     {{ block.super }}
-<h3 id="id_heading">{% blocktrans with full_name=user.get_full_name %}User {{ full_name }}{% endblocktrans %}</h3>
+<h3 id="id_heading">{% blocktrans with full_name=user.get_full_name %}User: {{ full_name }}{% endblocktrans %}</h3>
 <div class="row">
     <div id="tests" class="col-md-8">
         <div class="panel panel-default">
@@ -104,7 +104,7 @@ <h4 class="pull-left">{% trans "Contact Information" %}</h4>
         <div class="panel panel-default">
             <div class="panel-heading">
                 <div class="clearfix">
-                    <h4 class="pull-left">{% trans "Product Type Membership" %}</h4>
+                    <h4 class="pull-left">{% trans "Product Types this User can access" %}</h4>
                     &nbsp;
                     <a href="https://documentation.defectdojo.com/usage/permissions/" target="_blank">
                         <i class="fa-solid fa-circle-question"></i></a>
@@ -170,14 +170,14 @@ <h4 class="pull-left">{% trans "Product Type Membership" %}</h4>
             </div>
             {% else %}
             <div class="panel-body">
-                <small class="text-muted"><em>{% trans "No product type members found." %}</em></small>
+                <small class="text-muted"><em>{% trans "This User is not assigned to any Product Types." %}</em></small>
             </div>
             {% endif %}
         </div>
         <div class="panel panel-default">
             <div class="panel-heading">
                 <div class="clearfix">
-                    <h4 class="pull-left">{% trans "Product Membership" %}</h4>
+                    <h4 class="pull-left">{% trans "Products this User can access" %}</h4>
                     &nbsp;
                     <a href="https://documentation.defectdojo.com/usage/permissions/" target="_blank">
                         <i class="fa-solid fa-circle-question"></i></a>
@@ -243,15 +243,15 @@ <h4 class="pull-left">{% trans "Product Membership" %}</h4>
             </div>
             {% else %}
             <div class="panel-body">
-                <small class="text-muted"><em>{% trans "No product members found." %}</em></small>
+                <small class="text-muted"><em>{% trans "This User is not assigned to any Products." %}</em></small>
             </div>
             {% endif %}
         </div>
 
         <div class="panel panel-default">
             <div class="panel-heading">
                 <div class="clearfix">
-                    <h4 class="pull-left">{% trans "Group Membership" %}</h4>
+                    <h4 class="pull-left">{% trans "Groups this User is a member of" %}</h4>
                     &nbsp;
                     <a href="https://documentation.defectdojo.com/usage/permissions/#groups" target="_blank">
                         <i class="fa-solid fa-circle-question"></i></a>
@@ -280,7 +280,7 @@ <h4 class="pull-left">{% trans "Group Membership" %}</h4>
                     <tr>
                         <th></th>
                         <th>{% trans "Group" %}</th>
-                        <th>{% trans "Group role" %}</th>
+                        <th>{% trans "Role in this Group" %}</th>
                     </tr>
                     </thead>
                     <tbody>
@@ -317,7 +317,7 @@ <h4 class="pull-left">{% trans "Group Membership" %}</h4>
             </div>
             {% else %}
             <div class="panel-body">
-                <small class="text-muted"><em>{% trans "No group members found." %}</em></small>
+                <small class="text-muted"><em>{% trans "This User is not a member of any Groups." %}</em></small>
             </div>
             {% endif %}
         </div>

dojo/tools/bearer_cli/parser.py

@@ -3,7 +3,7 @@
 from dojo.models import Finding
 
 
-class BearerParser:
+class BearerCLIParser:
     """
     Bearer CLI tool is a SAST scanner for multiple languages
     """

unittests/test_factory.py

@@ -1,7 +1,14 @@
+import logging
+import os
+from importlib import import_module
+from importlib.util import find_spec
+from inspect import isclass
+
 from dojo.models import Test, Test_Type
 from dojo.tools.factory import get_parser
+from unittests.dojo_test_case import DojoTestCase, get_unit_tests_path
 
-from .dojo_test_case import DojoTestCase, get_unit_tests_path
+logger = logging.getLogger(__name__)
 
 
 class TestFactory(DojoTestCase):
@@ -53,3 +60,28 @@ def test_get_parser_test_active_in_db(self):
         )
         parser = get_parser(scan_type)
         self.assertIsNotNone(parser)
+
+    def test_parser_name_matches_module(self):
+        """Test to ensure that parsers' class names match their module names"""
+        package_dir = "dojo/tools"
+        module_names = os.listdir(package_dir)
+        missing_parsers = []
+        excluded_parsers = [
+            "wizcli_common_parsers",  # common class for other wizcli parsers, there is not parsing here
+        ]
+        for module_name in module_names:
+            if module_name in excluded_parsers:
+                continue
+            if os.path.isdir(os.path.join(package_dir, module_name)):
+                found = False
+                if find_spec(f"dojo.tools.{module_name}.parser"):
+                    module = import_module(f"dojo.tools.{module_name}.parser")
+                    for attribute_name in dir(module):
+                        attribute = getattr(module, attribute_name)
+                        if isclass(attribute) and attribute_name.lower() == module_name.replace("_", "") + "parser":
+                            found = True
+                if not found and module_name != "__pycache__":
+                    missing_parsers.append(module_name)
+        if len(missing_parsers) > 0:
+            logger.error(f"Parsers with invalid names: {missing_parsers}")
+        self.assertEqual(0, len(missing_parsers))

unittests/tools/test_bearer_cli_parser.py

@@ -1,14 +1,14 @@
 from django.test import TestCase
 
 from dojo.models import Test
-from dojo.tools.bearer_cli.parser import BearerParser
+from dojo.tools.bearer_cli.parser import BearerCLIParser
 
 
 class TestBearerParser(TestCase):
 
     def test_bearer_parser_with_one_vuln_has_one_findings(self):
         testfile = open("unittests/scans/bearer_cli/bearer_cli_one_vul.json")
-        parser = BearerParser()
+        parser = BearerCLIParser()
         findings = parser.get_findings(testfile, Test())
         testfile.close()
         self.assertEqual(1, len(findings))
@@ -22,7 +22,7 @@ def test_bearer_parser_with_one_vuln_has_one_findings(self):
 
     def test_bearer_parser_with_many_vuln_has_many_findings(self):
         testfile = open("unittests/scans/bearer_cli/bearer_cli_many_vul.json")
-        parser = BearerParser()
+        parser = BearerCLIParser()
         findings = parser.get_findings(testfile, Test())
         testfile.close()
         self.assertEqual(4, len(findings))