Merge pull request #10784 from DefectDojo/master-into-dev/2.37.2-2.38.0-dev

Maffooch · web-flow · commit b98e18204853 · 2024-08-19T11:57:29.000-05:00
Release: Merge back 2.37.2 into dev from: master-into-dev/2.37.2-2.38.0-dev
diff --git a/.github/workflows/build-docker-images-for-testing.yml b/.github/workflows/build-docker-images-for-testing.yml
@@ -37,6 +37,8 @@ jobs:
         id: docker_build
         uses: docker/build-push-action@v6
         timeout-minutes: 10
+        env:
+          DOCKER_BUILD_CHECKS_ANNOTATIONS: false
         with:
           context: .
           push: false
@@ -53,4 +55,4 @@ jobs:
         with:
           name: ${{ matrix.docker-image }}
           path: ${{ matrix.docker-image }}-${{ matrix.os }}_img
-          retention-days: 1
+          retention-days: 1
diff --git a/.github/workflows/k8s-tests.yml b/.github/workflows/k8s-tests.yml
@@ -70,26 +70,28 @@ jobs:
               echo "pgsql=${{ env.HELM_PG_DATABASE_SETTINGS }}" >> $GITHUB_ENV
               echo "redis=${{ env.HELM_REDIS_BROKER_SETTINGS }}" >> $GITHUB_ENV
 
-      - name: Deploying Djano application with ${{ matrix.databases }} ${{ matrix.brokers }}
-        timeout-minutes: 10 
+      - name: Deploying Django application with ${{ matrix.databases }} ${{ matrix.brokers }}
+        timeout-minutes: 15 
         run: |-
              helm install \
                --timeout 800s \
+               --wait \
+               --wait-for-jobs \
                defectdojo \
                ./helm/defectdojo \
                --set django.ingress.enabled=true \
                --set imagePullPolicy=Never \
                ${{ env[matrix.databases] }} \
                ${{ env[matrix.brokers] }} \
                --set createSecret=true \
-               --set tag=${{ matrix.os }} \
-               # --set imagePullSecrets=defectdojoregistrykey
+               --set tag=${{ matrix.os }}
 
       - name: Check deployment status
+        if: always()
         run: |-
-             kubectl get pods
-             kubectl get ingress
-             kubectl get services
+             kubectl get all,ingress  # all = pods, services, deployments, replicasets, statefulsets, jobs
+             helm status defectdojo
+             helm history defectdojo
 
       - name: Check Application
         timeout-minutes: 10
diff --git a/.github/workflows/release-x-manual-docker-containers.yml b/.github/workflows/release-x-manual-docker-containers.yml
@@ -65,6 +65,7 @@ jobs:
         if: ${{ matrix.os  == 'debian' }}
         uses: docker/build-push-action@v6
         env:
+          DOCKER_BUILD_CHECKS_ANNOTATIONS: false
           REPO_ORG: ${{ env.repoorg }}
           docker-image: ${{ matrix.docker-image }}
         with:
@@ -79,6 +80,7 @@ jobs:
         if: ${{ matrix.os  == 'alpine' }}
         uses: docker/build-push-action@v6
         env:
+          DOCKER_BUILD_CHECKS_ANNOTATIONS: false
           REPO_ORG: ${{ env.repoorg }}
           docker-image: ${{ matrix.docker-image }}
         with:
diff --git a/docs/content/en/_index.md b/docs/content/en/_index.md
@@ -40,7 +40,7 @@ The open-source edition is [available on
 GitHub](https://github.com/DefectDojo/django-DefectDojo).
 
 A running example is available on [our demo server](https://demo.defectdojo.org),
-using the credentials `admin` / `defectdojo@demo#appsec`. Note: The demo
+using the credentials `admin` / `1Defectdojo@demo#appsec`. Note: The demo
 server is refreshed regularly and provisioned with some sample data.
 
 ### DefectDojo Pro and Enterprise
diff --git a/dojo/filters.py b/dojo/filters.py
@@ -1543,7 +1543,7 @@ def filter(self, qs, value):
 
 class FindingFilterHelper(FilterSet):
     title = CharFilter(lookup_expr="icontains")
-    date = DateFromToRangeFilter(field_name="date", label="Date Discovered")
+    date = DateRangeFilter(field_name="date", label="Date Discovered")
     on = DateFilter(field_name="date", lookup_expr="exact", label="On")
     before = DateFilter(field_name="date", lookup_expr="lt", label="Before")
     after = DateFilter(field_name="date", lookup_expr="gt", label="After")
@@ -2874,6 +2874,7 @@ class Meta:
 class ReportFindingFilterHelper(FilterSet):
     title = CharFilter(lookup_expr="icontains", label="Name")
     date = DateFromToRangeFilter(field_name="date", label="Date Discovered")
+    date_recent = DateRangeFilter(field_name="date", label="Relative Date")
     severity = MultipleChoiceFilter(choices=SEVERITY_CHOICES)
     active = ReportBooleanFilter()
     is_mitigated = ReportBooleanFilter()
diff --git a/dojo/templates/dojo/custom_html_report_endpoint_list.html b/dojo/templates/dojo/custom_html_report_endpoint_list.html
@@ -151,7 +151,7 @@ <h6>References</h6>
             <pre>{{ finding.references|markdown_render }}</pre>
             {% endif %}
             {% if include_finding_images %}
-                {% include "dojo/snippets/file_images.html" with size='original' obj=finding format="HTML" %}
+                {% include "dojo/snippets/file_images.html" with size='original' obj=finding format="INLINE" %}
             {% endif %}
             {% if include_finding_notes %}
                 {% with notes=finding.notes.all|get_public_notes %}
diff --git a/dojo/templates/dojo/custom_html_report_finding_list.html b/dojo/templates/dojo/custom_html_report_finding_list.html
@@ -154,7 +154,7 @@ <h6>References</h6>
         {% endif %}
 
         {% if include_finding_images %}
-            {% include "dojo/snippets/file_images.html" with size='original' obj=finding format="HTML" %}
+            {% include "dojo/snippets/file_images.html" with size='original' obj=finding format="INLINE" %}
         {% endif %}
         {% if include_finding_notes %}
             {% with notes=finding.notes.all|get_public_notes %}
diff --git a/dojo/templates/dojo/snippets/file_images.html b/dojo/templates/dojo/snippets/file_images.html
@@ -9,6 +9,15 @@ <h6>Images</h6>
             <p class="text-center">No images found.</p>
         {% endfor %}
     {% endwith %}
+{% elif format == "INLINE" %}
+    {% with images=obj|file_images %}
+        <h6>Images</h6>
+        {% for pic in images %}
+            <p><img src="{{ pic|inline_image }}" style="max-width: 85%" alt="Finding Image"></p>
+        {% empty %}
+            <p class="text-center">No images found.</p>
+        {% endfor %}
+    {% endwith %}
 {% else %}
     {% with images=obj|file_images %}
         {% for pic in images %}
diff --git a/dojo/templatetags/display_tags.py b/dojo/templatetags/display_tags.py
@@ -1,5 +1,7 @@
+import base64
 import datetime
 import logging
+import mimetypes
 from itertools import chain
 
 import bleach
@@ -420,6 +422,18 @@ def pic_token(context, image, size):
     return reverse("download_finding_pic", args=[token.token])
 
 
+@register.filter
+def inline_image(image_file):
+    try:
+        if img_type := mimetypes.guess_type(image_file.file.name)[0]:
+            if img_type.startswith("image/"):
+                img_data = base64.b64encode(image_file.file.read())
+                return f"data:{img_type};base64, {img_data.decode('utf-8')}"
+    except:
+        pass
+    return ""
+
+
 @register.filter
 def file_images(obj):
     return get_file_images(obj, return_objects=True)
diff --git a/dojo/tools/nmap/parser.py b/dojo/tools/nmap/parser.py
@@ -96,9 +96,12 @@ def get_findings(self, file, test):
                         service_info += (
                             "**Extra Info:** {}\n".format(port_element.find("service").attrib["extrainfo"])
                         )
-
                     description += service_info
-
+                if script := port_element.find("script"):
+                    if script_id := script.attrib.get("id"):
+                        description += f"**Script ID:** {script_id}\n"
+                    if script_output := script.attrib.get("output"):
+                        description += f"**Script Output:** {script_output}\n"
                 description += "\n\n"
 
                 # manage some script like
diff --git a/dojo/utils.py b/dojo/utils.py
@@ -1969,6 +1969,14 @@ def _create_notifications():
             for finding in findings:
                 total_count += 1
                 sla_age = finding.sla_days_remaining()
+
+                # get the sla enforcement for the severity and, if the severity setting is not enforced, do not notify
+                # resolves an issue where notifications are always sent for the severity of SLA that is not enforced
+                severity, enforce = finding.get_sla_period()
+                if not enforce:
+                    logger.debug(f"SLA is not enforced for Finding {finding.id} of {severity} severity, skipping notification.")
+                    continue
+
                 # if SLA is set to 0 in settings, it's a null. And setting at 0 means no SLA apparently.
                 if sla_age is None:
                     sla_age = 0
diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "2.38.0-dev"
 description: A Helm chart for Kubernetes to install DefectDojo
 name: defectdojo
-version: 1.6.146-dev
+version: 1.6.147-dev
 icon: https://www.defectdojo.org/img/favicon.ico
 maintainers:
   - name: madchap
diff --git a/helm/defectdojo/templates/initializer-job.yaml b/helm/defectdojo/templates/initializer-job.yaml
@@ -48,6 +48,24 @@ spec:
           path: {{ .hostPath }}
           {{- end }}
       {{- end }}
+      initContainers:
+      - name: wait-for-db
+        command:
+        - '/bin/bash'
+        - '-c'
+        - '/wait-for-it.sh ${DD_DATABASE_HOST:-postgres}:${DD_DATABASE_PORT:-5432} -t 30 -s -- /bin/echo Database is up'
+        image: '{{ template "django.uwsgi.repository" . }}:{{ .Values.tag }}'
+        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        {{- if .Values.securityContext.enabled }}
+        securityContext:
+          {{- toYaml .Values.securityContext.djangoSecurityContext | nindent 10 }}
+        {{- end }}
+        envFrom:
+        - configMapRef:
+            name: {{ $fullName }}
+        - secretRef:
+            name: {{ $fullName }}
+            optional: true
       containers:
       {{- if .Values.cloudsql.enabled  }}
       - name: cloudsql-proxy
diff --git a/helm/defectdojo/values.yaml b/helm/defectdojo/values.yaml
@@ -318,9 +318,7 @@ django:
 
 initializer:
   run: true
-  jobAnnotations: {
-    helm.sh/hook: "post-install,post-upgrade"
-  }
+  jobAnnotations: {}
   annotations: {}
   labels: {}
   keepSeconds: 60
diff --git a/unittests/tools/test_nmap_parser.py b/unittests/tools/test_nmap_parser.py
@@ -131,3 +131,6 @@ def test_parse_issue4406(self):
                 self.assertEqual("ip-10-250-195-71.eu-west-1.compute.internal", endpoint.host)
                 self.assertEqual(31641, endpoint.port)
                 self.assertEqual("tcp", endpoint.protocol)
+            with self.subTest(i=55):
+                finding = findings[55]
+                self.assertEqual("### Host\n\n**IP Address:** 10.250.195.71\n**FQDN:** ip-10-250-195-71.eu-west-1.compute.internal\n\n\n**Port/Protocol:** 30150/tcp\n\n\n**Script ID:** fingerprint-strings\n**Script Output:** \n  GenericLines: \n    E_BAD_PROTOCOL\n\n\n", finding.description)
