
Endpoint_Status: Optimize DB (remove redundancy) #6193


Merged
merged 36 commits into from
Oct 26, 2022


kiblik

@kiblik kiblik commented Apr 26, 2022

F1(226) F2(227) F3(228) F4(229) F5(230) F6 (231) mitigated
Host foo.bar Endpoint(4) ftp://foo.bar x x x x x x
Endpoint(5) http://foo.bar x mitigated not mitigated
but false positive
not mitigated
but out of scope
not mitigated
but risk accepted
x
Host bar.foo Endpoint(6) http://bar.foo x mitigated x x x x
Endpoint(7) https://bar.foo x not mitigated x x x x
Endpoint(8)
https://bar.foo/f6
x x x x x not mitigated

@github-actions github-actions bot added New Migration Adding a new migration file. Take care when merging. unittests apiv2 ui labels Apr 26, 2022
@kiblik kiblik force-pushed the remove_finding_endpoint_status branch 3 times, most recently from 72c970d to 0a85587 Compare April 28, 2022 18:43
@github-actions

github-actions bot commented May 2, 2022

This pull request has conflicts, please resolve those before we can evaluate the pull request.

kiblik added 12 commits May 2, 2022 22:04
diff --git a/dojo/api_v2/views.py b/dojo/api_v2/views.py
index 592b6bb..83c5fc5 100644
--- a/dojo/api_v2/views.py
+++ b/dojo/api_v2/views.py
@@ -507,7 +507,7 @@ class FindingViewSet(prefetch.PrefetchListMixin,
                                                     'finding_group_set',
                                                     'files',
                                                     'burprawrequestresponse_set',
-                                                    'endpoint_status',
+                                                    'status_finding',
                                                     'finding_meta',
                                                     'test__test_type',
                                                     'test__engagement',
@@ -1757,7 +1757,7 @@ class TestImportViewSet(prefetch.PrefetchListMixin,
                                         'test_import_finding_action_set',
                                         'findings_affected',
                                         'findings_affected__endpoints',
-                                        'findings_affected__endpoint_status',
+                                        'findings_affected__status_finding',
                                         'findings_affected__finding_meta',
                                         'findings_affected__jira_issue',
                                         'findings_affected__burprawrequestresponse_set',
diff --git a/dojo/endpoint/views.py b/dojo/endpoint/views.py
index 4bfb080..dd23975 100644
--- a/dojo/endpoint/views.py
+++ b/dojo/endpoint/views.py
@@ -32,10 +32,17 @@ logger = logging.getLogger(__name__)
 def process_endpoints_view(request, host_view=False, vulnerable=False):

     if vulnerable:
-        endpoints = Endpoint.objects.filter(finding__active=True, finding__verified=True, finding__false_p=False,
-                                     finding__duplicate=False, finding__out_of_scope=False)
-        # TODO
-        endpoints = endpoints.filter(endpoint_status__mitigated=False)
+        endpoints = Endpoint.objects.filter(
+            finding__active=True,
+            finding__verified=True,
+            finding__out_of_scope=False,
+            finding__mitigated__isnull=True,
+            finding__false_p=False,
+            finding__duplicate=False,
+            status_endpoint__mitigated=False,
+            status_endpoint__false_positive=False,
+            status_endpoint__out_of_scope=False,
+            status_endpoint__risk_accepted=False)
     else:
         endpoints = Endpoint.objects.all()

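Review bot: The `finding__…` and `status_endpoint__…` conditions in the new `Endpoint.objects.filter(...)` call are not tied to the same finding. As far as the visible lookups show, they follow two different relation paths, so an endpoint can match through one active finding plus an open status row that belongs to a different finding. The vulnerable list could then include an endpoint whose status for every active finding is mitigated or risk accepted. Consider putting the finding conditions on the status row itself, e.g. `status_endpoint__finding__active=True` next to `status_endpoint__mitigated=False`. Also check whether the joins need `.distinct()`; the rest of `process_endpoints_view` is outside the hunk and may already apply it.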
@@ -121,7 +128,7 @@ def process_endpoint_view(request, eid, host_view=False):
     else:
         endpoints = None
         endpoint_metadata = dict(endpoint.endpoint_meta.values_list('name', 'value'))
-        all_findings = endpoint.findings()
+        all_findings = endpoint.findings.all()
         active_findings = endpoint.active_findings()

     if all_findings:
diff --git a/dojo/filters.py b/dojo/filters.py
index 6a24a0b..5c07ae8 100644
--- a/dojo/filters.py
+++ b/dojo/filters.py
@@ -1132,7 +1132,7 @@ class ApiFindingFilter(DojoFilter):
     class Meta:
         model = Finding
         exclude = ['url', 'thread_id', 'notes', 'files',
-                   'line', 'endpoint_status', 'cve']
+                   'line', 'cve']

 class FindingFilter(FindingFilterWithTags):
@@ -1292,7 +1292,7 @@ class FindingFilter(FindingFilterWithTags):
                    'endpoints', 'references',
                    'thread_id', 'notes', 'scanner_confidence',
                    'numerical_severity', 'line', 'duplicate_finding',
-                   'hash_code', 'endpoint_status',
+                   'hash_code',
                    'reviewers',
                    'created', 'files', 'sla_start_date', 'cvssv3',
                    'severity_justification', 'steps_to_reproduce']
@@ -1716,7 +1716,7 @@ class EndpointFilter(DojoFilter):

     class Meta:
         model = Endpoint
-        fields = '__all__'
+        exclude = ['findings']

 class ApiEndpointFilter(DojoFilter):
@@ -1928,8 +1928,8 @@ class ReportFindingFilter(FindingFilterWithTags):
         model = Finding
         # exclude sonarqube issue as by default it will show all without checking permissions
         exclude = ['date', 'cwe', 'url', 'description', 'mitigation', 'impact',
-                   'endpoint', 'references', 'test', 'sonarqube_issue',
-                   'thread_id', 'notes', 'endpoint_status',
+                   'references', 'test', 'sonarqube_issue',
+                   'thread_id', 'notes', 'endpoints',
                    'numerical_severity', 'reporter', 'last_reviewed',
                    'jira_creation', 'jira_change', 'files']

diff --git a/dojo/finding/views.py b/dojo/finding/views.py
index aafd48b..9b58860 100644
--- a/dojo/finding/views.py
+++ b/dojo/finding/views.py
@@ -213,10 +213,9 @@ def prefetch_for_findings(findings, prefetch_type='all'):
         prefetched_findings = prefetched_findings.prefetch_related('notes')
         prefetched_findings = prefetched_findings.prefetch_related('tags')
         prefetched_findings = prefetched_findings.prefetch_related('endpoints')
-        prefetched_findings = prefetched_findings.prefetch_related('endpoint_status')
-        prefetched_findings = prefetched_findings.prefetch_related('endpoint_status__endpoint')
-        prefetched_findings = prefetched_findings.annotate(active_endpoint_count=Count('endpoint_status__id', filter=Q(endpoint_status__mitigated=False)))
-        prefetched_findings = prefetched_findings.annotate(mitigated_endpoint_count=Count('endpoint_status__id', filter=Q(endpoint_status__mitigated=True)))
+        prefetched_findings = prefetched_findings.prefetch_related('status_finding')
+        prefetched_findings = prefetched_findings.annotate(active_endpoint_count=Count('status_finding__id', filter=Q(status_finding__mitigated=False)))
+        prefetched_findings = prefetched_findings.annotate(mitigated_endpoint_count=Count('status_finding__id', filter=Q(status_finding__mitigated=True)))
         prefetched_findings = prefetched_findings.prefetch_related('finding_group_set')
         prefetched_findings = prefetched_findings.prefetch_related('test__engagement__product__members')
         prefetched_findings = prefetched_findings.prefetch_related('test__engagement__product__prod_type__members')
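Review bot: `active_endpoint_count` still counts every status with `mitigated=False`, while the endpoint view and `get_vulnerable_endpoints` in this same change also exclude false-positive, out-of-scope and risk-accepted statuses, so the count can disagree with the list it summarises. Consider `filter=Q(status_finding__mitigated=False, status_finding__false_positive=False, status_finding__out_of_scope=False, status_finding__risk_accepted=False)`, with the complement for `mitigated_endpoint_count`. The prefetch of `endpoint_status__endpoint` is also dropped without a `status_finding__endpoint` replacement, although findings_list_snippet.html reads `endpoint_status.endpoint` for each status, which likely costs one query per row. The identical lines in `prefetch_for_findings` in dojo/test/views.py have the same two issues; both function bodies continue outside their hunks.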
diff --git a/dojo/forms.py b/dojo/forms.py
index 647eeb7..81bd00c 100755
--- a/dojo/forms.py
+++ b/dojo/forms.py
@@ -926,7 +926,7 @@ class AddFindingForm(forms.ModelForm):
     class Meta:
         model = Finding
         exclude = ('reporter', 'url', 'numerical_severity', 'under_review', 'reviewers', 'cve',
-                   'review_requested_by', 'is_mitigated', 'jira_creation', 'jira_change', 'endpoint_status', 'sla_start_date')
+                   'review_requested_by', 'is_mitigated', 'jira_creation', 'jira_change', 'endpoints', 'sla_start_date')

 class AdHocFindingForm(forms.ModelForm):
diff --git a/dojo/models.py b/dojo/models.py
index 5e89b3c..48ae52a 100755
--- a/dojo/models.py
+++ b/dojo/models.py
@@ -1461,18 +1461,16 @@ class Endpoint(models.Model):

     @Property
     def active_findings_count(self):
-        return self.active_findings.count()
+        return self.active_findings().count()

-    @Property
     def host_endpoints(self):
         return Endpoint.objects.filter(host=self.host,
                                        product=self.product).distinct()

     @Property
     def host_endpoints_count(self):
-        return self.host_endpoints.count()
+        return self.host_endpoints().count()

-    @Property
     def host_mitigated_endpoints(self):
         # TODO
         meps = Endpoint_Status.objects.filter(endpoint__in=self.host_endpoints, mitigated=True)
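Review bot: `host_endpoints` loses its property decorator in this hunk, but the unchanged line `endpoint__in=self.host_endpoints` in `host_mitigated_endpoints` still reads it as an attribute, so the lookup receives a bound method instead of a queryset. It should become `endpoint__in=self.host_endpoints()`. The next hunk leaves the same pattern in place: `endpoints__in=self.host_endpoints` in `host_findings`, and `self.host_findings.filter(` in `host_active_findings`, which raises AttributeError once `host_findings` is a plain method. Other Python callers that read these names as attributes are outside this diff and need the same check.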
@@ -1480,17 +1478,15 @@ class Endpoint(models.Model):

     @Property
     def host_mitigated_endpoints_count(self):
-        return self.host_mitigated_endpoints.count()
+        return self.host_mitigated_endpoints().count()

-    @Property
     def host_findings(self):
         return Finding.objects.filter(endpoints__in=self.host_endpoints).distinct()

     @Property
     def host_findings_count(self):
-        return self.host_finding.count()
+        return self.host_finding().count()

-    @Property
     def host_active_findings(self):
         findings = self.host_findings.filter(active=True,
                                         verified=True,
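Review bot: `host_findings_count` now returns `self.host_finding().count()`, but the method defined just above it is `host_findings`. No `host_finding` is visible in this diff, so the call presumably raises AttributeError. The line should read `return self.host_findings().count()`. `host_active_findings` continues past the end of the hunk.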
@@ -1506,7 +1502,7 @@ class Endpoint(models.Model):

     @Property
     def host_active_findings_count(self):
-        return self.host_active_findings.count()
+        return self.host_active_findings().count()

     def get_breadcrumbs(self):
         bc = self.product.get_breadcrumbs()
diff --git a/dojo/templates/dojo/findings_list_snippet.html b/dojo/templates/dojo/findings_list_snippet.html
index 5d557d5..a45aa6d 100644
--- a/dojo/templates/dojo/findings_list_snippet.html
+++ b/dojo/templates/dojo/findings_list_snippet.html
@@ -369,7 +369,7 @@
                                   {% else %}
                                     {% if finding.endpoints.all %}
                                       <i class="fa fa-sitemap has-popover dojo-sup" data-html="true" data-trigger="hover" data-content="
-                                      {% for endpoint_status in finding.endpoint_status.all %}
+                                      {% for endpoint_status in finding.status_finding.all %}
                                         {% if endpoint_status.mitigated %}
                                           &DefectDojo#10003; {{ endpoint_status.endpoint }}<br/>
                                         {% else %}
diff --git a/dojo/templates/dojo/view_test.html b/dojo/templates/dojo/view_test.html
index 94a1636..b47ba37 100644
--- a/dojo/templates/dojo/view_test.html
+++ b/dojo/templates/dojo/view_test.html
@@ -827,7 +827,7 @@
                             {% else %}
                               {% if finding.endpoints.all %}
                                 <i class="fa dojo-sup fa-sitemap has-popover" data-html="true" data-trigger="hover" data-content="
-                                    {% for endpoint_status in finding.endpoint_status.all %}
+                                    {% for endpoint_status in finding.status_finding.all %}
                                         {% if endpoint_status.mitigated %}
                                             &DefectDojo#10003;
                                         {% else %}
diff --git a/dojo/templatetags/get_endpoint_status.py b/dojo/templatetags/get_endpoint_status.py
index 3f2d40f..8b35c42 100644
--- a/dojo/templatetags/get_endpoint_status.py
+++ b/dojo/templatetags/get_endpoint_status.py
@@ -1,5 +1,6 @@
 from django import template
 from dojo.models import Endpoint_Status
+from django.db.models import Q
 register = template.Library()

@@ -10,18 +11,20 @@ def has_endpoints(finding):

 @register.filter(name='get_vulnerable_endpoints')
 def get_vulnerable_endpoints(finding):
-    # TODO
-    # TODO - remove `.all()`, use 'select_related' endpoints and change for-loop to select -> to decrease number of queries
-    status_list = finding.endpoint_status.all().filter(mitigated=False)
-    return [status.endpoint for status in status_list]
+    return finding.endpoints.filter(
+        status_endpoint__mitigated=False,
+        status_endpoint__false_positive=False,
+        status_endpoint__out_of_scope=False,
+        status_endpoint__risk_accepted=False)

 @register.filter(name='get_mitigated_endpoints')
 def get_mitigated_endpoints(finding):
-    # TODO
-    # TODO - remove `.all()`, use 'select_related' endpoints and change for-loop to select -> to decrease number of queries
-    status_list = finding.endpoint_status.all().filter(mitigated=True)
-    return [status.endpoint for status in status_list]
+    return finding.endpoints.filter(
+        Q(status_endpoint__mitigated=True) |
+        Q(status_endpoint__false_positive=True) |
+        Q(status_endpoint__out_of_scope=True) |
+        Q(status_endpoint__risk_accepted=False))

 @register.filter
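Review bot: The last term of the OR in `get_mitigated_endpoints` is `Q(status_endpoint__risk_accepted=False)`, which matches any endpoint with a status row that is not risk accepted, so still-vulnerable endpoints are reported as mitigated. Given the other three terms it should presumably be `Q(status_endpoint__risk_accepted=True)`. Both filters also consider every status row of the endpoint rather than the row for this finding, so a status recorded for another finding can decide the result; adding `status_endpoint__finding=finding` to each `filter()` call would scope it. Both functions used to return a list and now return a queryset, which is worth a one-line docstring such as `"""Return a queryset of the finding's endpoints whose status for it is still open."""`.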
diff --git a/dojo/test/views.py b/dojo/test/views.py
index 467c4c9..3acfeb9 100644
--- a/dojo/test/views.py
+++ b/dojo/test/views.py
@@ -210,10 +210,9 @@ def prefetch_for_findings(findings):
                                                                             queryset=Test_Import_Finding_Action.objects.exclude(action=IMPORT_UNTOUCHED_FINDING)))

         prefetched_findings = prefetched_findings.prefetch_related('endpoints')
-        prefetched_findings = prefetched_findings.prefetch_related('endpoint_status')
-        prefetched_findings = prefetched_findings.prefetch_related('endpoint_status__endpoint')
-        prefetched_findings = prefetched_findings.annotate(active_endpoint_count=Count('endpoint_status__id', filter=Q(endpoint_status__mitigated=False)))
-        prefetched_findings = prefetched_findings.annotate(mitigated_endpoint_count=Count('endpoint_status__id', filter=Q(endpoint_status__mitigated=True)))
+        prefetched_findings = prefetched_findings.prefetch_related('status_finding')
+        prefetched_findings = prefetched_findings.annotate(active_endpoint_count=Count('status_finding__id', filter=Q(status_finding__mitigated=False)))
+        prefetched_findings = prefetched_findings.annotate(mitigated_endpoint_count=Count('status_finding__id', filter=Q(status_finding__mitigated=True)))
         prefetched_findings = prefetched_findings.prefetch_related('finding_group_set__jira_issue')
         prefetched_findings = prefetched_findings.prefetch_related('duplicate_finding')
         prefetched_findings = prefetched_findings.prefetch_related('vulnerability_id_set')
@kiblik kiblik force-pushed the remove_finding_endpoint_status branch from 7417adb to eed827b Compare May 2, 2022 22:11
@github-actions

github-actions bot commented May 2, 2022

Conflicts have been resolved. A maintainer will review the pull request shortly.

@github-actions

github-actions bot commented May 5, 2022

This pull request has conflicts, please resolve those before we can evaluate the pull request.

…int_status

# Conflicts:
#	unittests/test_migrations.py
@kiblik kiblik marked this pull request as ready for review October 16, 2022 03:52
@kiblik kiblik closed this Oct 16, 2022
@kiblik kiblik reopened this Oct 16, 2022
@kiblik kiblik closed this Oct 16, 2022
@kiblik kiblik reopened this Oct 16, 2022
@kiblik kiblik closed this Oct 16, 2022
@kiblik kiblik reopened this Oct 16, 2022
@kiblik

kiblik commented Oct 17, 2022

@devGregA, @Maffooch, this PR is ready.

@devGregA

Awesome! @kiblik will make it a priority to review with haste. Early next week will be the soonest as Cody is also out right now.


@Maffooch Maffooch left a comment


Did a quick live test and everything looks good to me! Great job on this


@mtesauro mtesauro left a comment


Approved

@mtesauro mtesauro merged commit e656943 into DefectDojo:dev Oct 26, 2022
@kiblik kiblik deleted the remove_finding_endpoint_status branch October 26, 2022 14:46
salvianf added a commit to salvianf/django-DefectDojo that referenced this pull request Nov 11, 2022
* adapted the helm chart of initializer-job.yaml to allow for metadata … (#6730)

* adapted the helm chart of initializer-job.yaml to allow for metadata annotations

* adapted the helm chart of initializer-job.yaml to run after install or upgrade

* fixed typo initializerKeepSeconds to initializer.keepSeconds

* renamed to jobAnnotations and moved helm hook to template values

* indent fix

* indent fix

* Design fixes to footer, tags input, and filters snippet (#6751)

* Design fixes to footer, tags input, and filters

* Update dojo.css

* Update base.html

* Bump google-api-python-client from 2.57.0 to 2.58.0 (#6757)

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.57.0 to 2.58.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.57.0...v2.58.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update mysql:5.7.39 Docker digest from 5.7.39 to v (docker-compose.yml) (#6755)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Fix assignee bug in JIRA view (#6741)

* Fix assignee bug in JIRA view

* Update dojo/jira_link/views.py

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>

* Bump google-auth from 2.10.0 to 2.11.0 (#6745)

Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.10.0 to 2.11.0.
- [Release notes](https://github.com/googleapis/google-auth-library-python/releases)
- [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-auth-library-python/compare/v2.10.0...v2.11.0)

---
updated-dependencies:
- dependency-name: google-auth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update local_settings.py description

* Update configuration.md

* Corrected deduplication settings for Twistlock Reports (#6777)

* Update versions in application files

* Update Chart.yaml

* Update version files

* Forgot a number

* Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.31.2 to v1.32.0 (helm/defectdojo/values.yaml) (#6823)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump cryptography from 37.0.4 to 38.0.1 (#6822)

Bumps [cryptography](https://github.com/pyca/cryptography) from 37.0.4 to 38.0.1.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/37.0.4...38.0.1)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update rabbitmq:3.10.7-alpine Docker digest from 3.10.7 to 3.10.7-alpine (docker-compose.yml) (#6821)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update mysql:5.7.39 Docker digest from 5.7.39 to v (docker-compose.yml) (#6820)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update nginx/nginx-prometheus-exporter Docker tag from 0.10.0 to v0.11.0 (helm/defectdojo/values.yaml) (#6818)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump sqlalchemy from 1.4.40 to 1.4.41 (#6813)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.40 to 1.4.41.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump google-api-python-client from 2.58.0 to 2.60.0 (#6812)

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.58.0 to 2.60.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.58.0...v2.60.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update actions/checkout action from v2 to v3 (.github/workflows/submodule-update.yml) (#6805)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump jira from 3.4.0 to 3.4.1 (#6800)

Bumps [jira](https://github.com/pycontribs/jira) from 3.4.0 to 3.4.1.
- [Release notes](https://github.com/pycontribs/jira/releases)
- [Commits](https://github.com/pycontribs/jira/compare/3.4.0...3.4.1)

---
updated-dependencies:
- dependency-name: jira
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump djangosaml2 from 1.5.1 to 1.5.2 (#6799)

Bumps [djangosaml2](https://github.com/IdentityPython/djangosaml2) from 1.5.1 to 1.5.2.
- [Release notes](https://github.com/IdentityPython/djangosaml2/releases)
- [Changelog](https://github.com/IdentityPython/djangosaml2/blob/master/CHANGES)
- [Commits](https://github.com/IdentityPython/djangosaml2/compare/v1.5.1...v1.5.2)

---
updated-dependencies:
- dependency-name: djangosaml2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump django-slack from 5.17.8 to 5.18.0 (#6789)

Bumps [django-slack](https://github.com/lamby/django-slack) from 5.17.8 to 5.18.0.
- [Release notes](https://github.com/lamby/django-slack/releases)
- [Commits](https://github.com/lamby/django-slack/compare/5.17.8...5.18.0)

---
updated-dependencies:
- dependency-name: django-slack
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump vcrpy from 4.2.0 to 4.2.1 (#6785)

Bumps [vcrpy](https://github.com/kevin1024/vcrpy) from 4.2.0 to 4.2.1.
- [Release notes](https://github.com/kevin1024/vcrpy/releases)
- [Changelog](https://github.com/kevin1024/vcrpy/blob/master/docs/changelog.rst)
- [Commits](https://github.com/kevin1024/vcrpy/compare/v4.2.0...v4.2.1)

---
updated-dependencies:
- dependency-name: vcrpy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump jquery from 3.6.0 to 3.6.1 in /components (#6766)

Bumps [jquery](https://github.com/jquery/jquery) from 3.6.0 to 3.6.1.
- [Release notes](https://github.com/jquery/jquery/releases)
- [Commits](https://github.com/jquery/jquery/compare/3.6.0...3.6.1)

---
updated-dependencies:
- dependency-name: jquery
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump python-gitlab from 3.8.1 to 3.9.0 (#6765)

Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 3.8.1 to 3.9.0.
- [Release notes](https://github.com/python-gitlab/python-gitlab/releases)
- [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md)
- [Commits](https://github.com/python-gitlab/python-gitlab/compare/v3.8.1...v3.9.0)

---
updated-dependencies:
- dependency-name: python-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Corrected deduplication settings for anchore enterprise policy checks (#6770)

* Set finding to inactivate after creation of risk acceptance (#6780)

* Auth: Add RemoteUser implementation (#6782)

* Add RemoteUser implementation

* Add documentation

* Add support also for API

* Fix bug that caused scan imports to fail (#6775)

* Adding Closed Notes to Jira (#6806)

current condition : All notes that we sent through the finding detail are sent to jira. But, the closed notes we sent when we close the finding is not sent to jira even if that notes are saved to the finding notes in the finding detail page.
proposed changes : sent the close finding notes to jira also

* Sort findings in notifications (#6817)

* Sorting by severity after add/update

* Sorting out

* Sorting by severity after add/update

* Sorting out

* Translate metrics (#6819)

* Prepared translate for metrics pages

* Fix flake8 notice

Co-authored-by: Дмитрий Муковкин <d.mukovkin@cft.ru>

* Update the text that slack notification shows (#6825)

* Update the text that slack notification shows

Currently, when a test is added and slack notification is enable is showed: "New test added for engagement {engament.product}" 
I suggest adding the engament name to this phrase: " New test added for engagement {{engagement.name }} in product {{ engagement.produc}}"

* corrected typo in product

corrected typo in product

* #6620 Create API importer for Bugcrowd (#6621)

* Create API importer for Bugcrowd

* Fix linting

* Documentation update

* Implement URI extraction via regex, pagination fetch loop, switch to unique id from tool deduplication alg

* Update api_client.py

* Various fixes

* Fix dateutil parse and auth header

* Fix linting

* Switch to session

* Implement unit testing - WIP

* Bugcrowd api importer unit tests

* Fix flake8

* Simplify parameterization for bugcrowd JSONAPI format

* Fix urlencoding and loop for pagination

* Implement generator api client

* v3 of fetcher with multithreading

* Linting with Black, test data changed for generator function, fix tests

* fix pep8 and add ignore W503 in flake8

* remove json from test

* Use logger for endpoint parsing errors, without breaking parser

* Strip bug url to improve endpoint parsing

* Remove regex usage

* Handle endpoint uri a bit better

* use logger error for endpoint converting

* Improve requests exception handling

* Remove regexes, convert_endpoint function

* Raise exeptions for responses and connection tests

* Do not save broken endpoints, add cleaning in tests

* Align to dev branch

* Named ValidationError exceptions

* Fix conflicts

* Fix conflicts

* Add response text in error message

* Fix liniting

* Update __init__.py

Co-authored-by: Damien Carol <damien.carol@gmail.com>

* Bump numpy from 1.23.2 to 1.23.3 (#6830)

Bumps [numpy](https://github.com/numpy/numpy) from 1.23.2 to 1.23.3.
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](https://github.com/numpy/numpy/compare/v1.23.2...v1.23.3)

---
updated-dependencies:
- dependency-name: numpy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump django-extensions from 3.2.0 to 3.2.1 (#6831)

Bumps [django-extensions](https://github.com/django-extensions/django-extensions) from 3.2.0 to 3.2.1.
- [Release notes](https://github.com/django-extensions/django-extensions/releases)
- [Changelog](https://github.com/django-extensions/django-extensions/blob/main/CHANGELOG.md)
- [Commits](https://github.com/django-extensions/django-extensions/compare/3.2.0...3.2.1)

---
updated-dependencies:
- dependency-name: django-extensions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump python from 3.8.13-slim-bullseye to 3.8.14-slim-bullseye (#6832)

Bumps python from 3.8.13-slim-bullseye to 3.8.14-slim-bullseye.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update dependency autoprefixer from 10.4.8 to v10.4.10 (docs/package.json) (#6828)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* fix npm audit JFrog Artifactory import bug (#6786)

* fix npm audit JFrog Artifactory import bug

* added unittest to ensure the npm parser error having a cwe: null will not happen again

* fixed wrong assertion

* Optimize metrics (#6798)

* Optimize metric pages

* Fix design in metrics.html page

* Fixed counting for active_per_period parameter in get_period_counts method

* Fixed unittest test_metrics_queries.py

Co-authored-by: Дмитрий Муковкин <d.mukovkin@cft.ru>

* switch to Has Capabilities (#6759)

* switch to Has Capabilities

* Address Ingress object

* Center the "No Endpoints" text to match the other objects (#6851)

* Center the "No Endpoints" text to match the other objects

* Update endpoints.html

* Fix simple search width (#6850)

* Added questionnaire functionality documentation

* Fixed bleach clean issue with display tag

* Fix simple search width

* Fixed simple search width

* Update release automation to fix helm issues, Bump versions (#6849)

* Replace documentation links (#6764)

* Replace documentation links, Remove local documentation workflows

* Fix flake8?

* Maybe this is it>

* Restore gh-pages workflow

* Fixed bleach clean not allowing links in descriptions (#6848)

* Added questionnaire functionality documentation

* Fixed bleach clean issue with display tag

* Fixed links in descriptions being cleaned by bleach

* API Cleanup: Set sane defaults for non  required fields and safely retrieve results (#6847)

* API Cleanup: Set san defaults for non  required fields and safely retrieve results

* Correct unit tests

* Added questionnaire functionality documentation (#6846)

* Update helm chart test

* Update versions in application files

* Bump google-auth-oauthlib from 0.5.2 to 0.5.3 (#6843)

Bumps [google-auth-oauthlib](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib) from 0.5.2 to 0.5.3.
- [Release notes](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib/releases)
- [Changelog](https://github.com/googleapis/google-auth-library-python-oauthlib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib/compare/v0.5.2...v0.5.3)

---
updated-dependencies:
- dependency-name: google-auth-oauthlib
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update release-drafter/release-drafter action from v5.20.1 to v5.21.0 (.github/workflows/release-drafter.yml) (#6842)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency autoprefixer from 10.4.10 to v10.4.11 (docs/package.json) (#6841)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump drf-spectacular from 0.23.1 to 0.24.0 (#6838)

Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.23.1 to 0.24.0.
- [Release notes](https://github.com/tfranzel/drf-spectacular/releases)
- [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.23.1...0.24.0)

---
updated-dependencies:
- dependency-name: drf-spectacular
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix log_user_login_failed is username is missing (#6854)

* Parse mitigation status for Veracode SCA findings (#6855)

* Bump packageurl-python from 0.10.1 to 0.10.3 (#6856)

Bumps [packageurl-python](https://github.com/package-url/packageurl-python) from 0.10.1 to 0.10.3.
- [Release notes](https://github.com/package-url/packageurl-python/releases)
- [Changelog](https://github.com/package-url/packageurl-python/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/package-url/packageurl-python/compare/v0.10.1...v0.10.3)

---
updated-dependencies:
- dependency-name: packageurl-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix(helm): fix postgresql svc name (#6816)

* Update celery-beat-deployment.yaml

updated celery-beat-deployment template to include generic secrets for rabbitmq and mysql. Furthermore, removed not necessary ifs

* Update celery-worker-deployment.yaml

updated celery-worker-deployment template to include generic secrets for rabbitmq and mysql. Furthermore, removed not necessary ifs

* Update django-deployment.yaml

updated django-deployment template to include generic secrets for rabbitmq and mysql. Furthermore, removed not necessary ifs

* Update celery-beat-deployment.yaml

fixed helm lint problems

* Update celery-worker-deployment.yaml

fixed helm lint problems

* Update django-deployment.yaml

fixed helm lint problems

* Bump pyjwt from 2.4.0 to 2.5.0 (#6860)

Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0)

---
updated-dependencies:
- dependency-name: pyjwt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bugfixes for Github Vulnerability Parser (#6870)

* Add checks for anonymous users in auth model (#6869)

* Add checks for anonymous users in auth model

* Change type of failure for queries object

* Fix Flake8

* Update versions in application files

* Update versions in application files

* added Null value check in vectorString of Github Scan (Credit @L3m0nb4tt3ry) (#6879)

* Update test-helm-chart.yml

* SonarQube API Importer: Supprt for SonarCloud and Multi Branch Scanning (#6880)

* SonarQube API Importer: Supprt for SonarCloud and Multi Branch Scanning

* Correct the removed find project capability

* Update versions in application files

* Update versions in application files

* Bump google-auth from 2.11.0 to 2.11.1 (#6863)

Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.11.0 to 2.11.1.
- [Release notes](https://github.com/googleapis/google-auth-library-python/releases)
- [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-auth-library-python/compare/v2.11.0...v2.11.1)

---
updated-dependencies:
- dependency-name: google-auth
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update dependency autoprefixer from 10.4.11 to v10.4.12 (docs/package.json) (#6868)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump djangosaml2 from 1.5.2 to 1.5.3 (#6877)

Bumps [djangosaml2](https://github.com/IdentityPython/djangosaml2) from 1.5.2 to 1.5.3.
- [Release notes](https://github.com/IdentityPython/djangosaml2/releases)
- [Changelog](https://github.com/IdentityPython/djangosaml2/blob/master/CHANGES)
- [Commits](https://github.com/IdentityPython/djangosaml2/compare/v1.5.2...v1.5.3)

---
updated-dependencies:
- dependency-name: djangosaml2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update redis Docker tag from 7.0.4 to v7.0.5 (docker-compose.yml) (#6887)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update celery-beat-deployment.yaml

* Update celery-worker-deployment.yaml

* Update django-deployment.yaml

* Bump drf-spectacular from 0.24.0 to 0.24.2 (#6909)

Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.24.0 to 0.24.2.
- [Release notes](https://github.com/tfranzel/drf-spectacular/releases)
- [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.24.0...0.24.2)

---
updated-dependencies:
- dependency-name: drf-spectacular
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump drf-yasg from 1.21.3 to 1.21.4 (#6908)

Bumps [drf-yasg](https://github.com/axnsan12/drf-yasg) from 1.21.3 to 1.21.4.
- [Release notes](https://github.com/axnsan12/drf-yasg/releases)
- [Changelog](https://github.com/axnsan12/drf-yasg/blob/1.21.4/docs/changelog.rst)
- [Commits](https://github.com/axnsan12/drf-yasg/compare/1.21.3...1.21.4)

---
updated-dependencies:
- dependency-name: drf-yasg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update rabbitmq Docker tag from 3.10.7 to v3.11.0 (docker-compose.yml) (#6905)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency postcss-cli from 9.1.0 to v10 (docs/package.json) (#6903)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump django-debug-toolbar from 3.6.0 to 3.7.0 (#6900)

Bumps [django-debug-toolbar](https://github.com/jazzband/django-debug-toolbar) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/jazzband/django-debug-toolbar/releases)
- [Changelog](https://github.com/jazzband/django-debug-toolbar/blob/main/docs/changes.rst)
- [Commits](https://github.com/jazzband/django-debug-toolbar/compare/3.6...3.7)

---
updated-dependencies:
- dependency-name: django-debug-toolbar
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump humanize from 4.3.0 to 4.4.0 (#6884)

Bumps [humanize](https://github.com/python-humanize/humanize) from 4.3.0 to 4.4.0.
- [Release notes](https://github.com/python-humanize/humanize/releases)
- [Commits](https://github.com/python-humanize/humanize/compare/4.3.0...4.4.0)

---
updated-dependencies:
- dependency-name: humanize
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump easymde from 2.16.1 to 2.18.0 in /components (#6872)

Bumps [easymde](https://github.com/Ionaru/easy-markdown-editor) from 2.16.1 to 2.18.0.
- [Release notes](https://github.com/Ionaru/easy-markdown-editor/releases)
- [Changelog](https://github.com/Ionaru/easy-markdown-editor/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Ionaru/easy-markdown-editor/compare/2.16.1...2.18.0)

---
updated-dependencies:
- dependency-name: easymde
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update stefanzweifel/git-auto-commit-action action from v4.14.1 to v4.15.0 (.github/workflows/release-3-master-into-dev.yml) (#6895)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update mysql:5.7.39 Docker digest from 5.7.39 to v (docker-compose.yml) (#6902)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump google-api-python-client from 2.60.0 to 2.63.0 (#6910)

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.60.0 to 2.63.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.60.0...v2.63.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump djangorestframework from 3.13.1 to 3.14.0 (#6883)

Bumps [djangorestframework](https://github.com/encode/django-rest-framework) from 3.13.1 to 3.14.0.
- [Release notes](https://github.com/encode/django-rest-framework/releases)
- [Commits](https://github.com/encode/django-rest-framework/compare/3.13.1...3.14.0)

---
updated-dependencies:
- dependency-name: djangorestframework
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Mitigate Veracode SourceClear findings with "Fixed" status (#6876)

* Added parser for new report format of AnchoreCTL (Anchore Enterprise Engine's new CLI Tool) (#6874)

* Added parser for anchore engine reports exported with AnchoreCTL

* Added parser for policy results from anchoreCTL, renamed vuln parser

* Adjusted name of class to avoid conflicts

* Corrected wrong key

* Adjusted syntax errors

* Added unit tests, fixed unit tests

* Removed explicit platform definition in docker-compose

* Corrected dedup settings

* Removed author info

* Fixing broken report generation when more than one item is selected (#6906)

* Fix error when promoting stub finding to JIRA (#6898)

* Fix improper reactivation in reimporter, using is_mitigated (#6885)

* Fix improper reactivation in reimporter, using is_mitigated

https://github.com/DefectDojo/django-DefectDojo/pull/6452

* Update reimporter.py

* Fix accepted by name (#6867)

* Update view_risk_acceptance.html

Remove get_full_name from accepted_by as it's free text not a user

* Update view_eng.html

Remove get_full_name from accepted_by as it's free text not a user

* Fix url creation for github for file location (#6888)

* [FIX] JQuery Error on Edit Finding (#6619)

* Bug Fix (JQuery Error)

When editing a finding, a click on the "See Alerts" button at the right corner of the webpage will cause a JQuery JavaScript Error. Removing JQuery usage and using JS trim instead.

* Update package.json

* Update __init__.py

* Update pipeline.py

* Update Chart.yaml

* Update pipeline.py

* Update views.py

* Update __init__.py

* Update views.py

* Update pipeline.py

* Update pipeline.py

* tools: NeuVector: introducing NeuVector (REST) scan type (#6809)

This commit adds the support of NeuVector
(https://github.com/neuvector/neuvector) tool for importing scan
results. Scan results can be exported via REST API in JSON format (that
is why the tool is named 'NeuVector (REST)'). There is no GUI for that
at the moment.

Scan results are just a list of issues found in packages installed in
a container or an image. Very similar to Twistlock.

NeuVector also provides compliance scan results. This is not supported
by the introduced tool.

* Bump django-dbbackup from 4.0.1 to 4.0.2 (#6911)

Bumps [django-dbbackup](https://github.com/jazzband/django-dbbackup) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/jazzband/django-dbbackup/releases)
- [Changelog](https://github.com/jazzband/django-dbbackup/blob/master/docs/changelog.rst)
- [Commits](https://github.com/jazzband/django-dbbackup/commits/4.0.2)

---
updated-dependencies:
- dependency-name: django-dbbackup
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump django-split-settings from 1.1.0 to 1.2.0 (#6914)

Bumps [django-split-settings](https://github.com/sponsors/wemake-services) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/sponsors/wemake-services/releases)
- [Commits](https://github.com/sponsors/wemake-services/commits)

---
updated-dependencies:
- dependency-name: django-split-settings
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump google-auth from 2.11.1 to 2.12.0 (#6913)

Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.11.1 to 2.12.0.
- [Release notes](https://github.com/googleapis/google-auth-library-python/releases)
- [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-auth-library-python/compare/v2.11.1...v2.12.0)

---
updated-dependencies:
- dependency-name: google-auth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update helm/chart-testing-action action from v2.3.0 to v2.3.1 (.github/workflows/test-helm-chart.yml) (#6915)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Estimated remediation date (#6302)

* initial commit for branch

* added bulk edit

* code complete (I hope). Committing before adding tests

* additional work to allow users to edit/add a planned remediation date

* Typo on auto_create_context (#6291)

* removed calendar icons in list view

* pep8 fixes

* pep8 fixes

* pep8 again!

* removed manually created migration file

* auto-generated migration file

* formatting fixes

* pep8 fix

* reran migrations and still getting changes for rule and child_rule

* reran migrations

* formatting changes

* Update forms.py

* updated find method for dom element

* updated adhoc Finding form for bug fix

* removing erroneous selenium config

* updated promot finding form for bug fix

* formatting fix

* PR cleanups

* rebase on latest dev

* pep8 fixes

* formatting fixes

* formatting changes

* updated adhoc Finding form for bug fix

* PR cleanups

* fixed bolded remediation date field

* removed breaks and used CSS

* pep8 fixes

* pep8 fix

* fixing bad migration

* merging latest from dev

* further merge fixes

* css fixes for date picker

* Update docker-compose.override.integration_tests.yml

Co-authored-by: Chris Fort <chris.fort@lexisnexis.com>
Co-authored-by: Bastian Hodapp <bastianhodapp@gmail.com>
Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>

* Bump python-gitlab from 3.9.0 to 3.10.0 (#6912)

Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 3.9.0 to 3.10.0.
- [Release notes](https://github.com/python-gitlab/python-gitlab/releases)
- [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md)
- [Commits](https://github.com/python-gitlab/python-gitlab/compare/v3.9.0...v3.10.0)

---
updated-dependencies:
- dependency-name: python-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add support for specifying custom JIRA fields (#6740)

* Add support for specifying custom JIRA fields

* Update and rename 0169_jira_project_custom_fields.py to 0170_jira_project_custom_fields.py

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>

* Don't create finding JIRAs on a bulk update if we are creating a finding group JIRA (#6709)

* Update dependency postcss from 8.4.16 to v8.4.17 (docs/package.json) (#6923)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Add the ability to set JIRA labels per-product or engagement (#6720)

* Add the ability to set JIRA labels per-product or engagement

* Rename 0169_auto_20220816_1333.py to 0169_jira_labels_per_product_and_engagement.py

* Delete 0170_jira_project_custom_fields.py

* Update and rename 0169_jira_labels_per_product_and_engagement.py to 0171_jira_labels_per_product_and_engagement.py

* Restore deleted migration

* Fix spacing in migration to remove change from dif

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>

* Added filter for existance of JIRA issue in finding (#6919)

* Bump coverage from 6.4.4 to 6.5.0 (#6921)

Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.4.4 to 6.5.0.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/6.4.4...6.5.0)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* changed type to regular django type to also pick up creation events (#6918)

* changed type to regular django type to also pick up creation events from ldap and oauth

* removed unused import

* this event should be triggered for all user-types

* fixed test to include the now created group/notification relations

* Bugfixing when the Checkov report has no findings (#6097)

* Bugfixing when the Checkov report has no findings

# Current error log:
[29/Mar/2022 11:55:54] ERROR [dojo.api_v2.exception_handler:26] 'check_type'
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 506, in dispatch
    response = handler(request, *args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/rest_framework/mixins.py", line 19, in create
    self.perform_create(serializer)
  File "/app/./dojo/api_v2/views.py", line 1957, in perform_create
    serializer.save(push_to_jira=push_to_jira)
  File "/app/./dojo/api_v2/serializers.py", line 1246, in save
    test, finding_count, closed_finding_count = importer.import_scan(scan, scan_type, engagement, lead, environment,
  File "/app/./dojo/importers/importer/importer.py", line 349, in import_scan
    parsed_findings = parser.get_findings(scan, test)
  File "/app/./dojo/tools/checkov/parser.py", line 22, in get_findings
    check_type = tree['check_type']
KeyError: 'check_type'
[29/Mar/2022 11:55:54] ERROR [django.request:224] Internal Server Error: /api/v2/import-scan/
ERROR:django.request:Internal Server Error: /api/v2/import-scan/
[pid: 1|app: 0|req: 2020/4117] 10.6.33.147 () {44 vars in 738 bytes} [Tue Mar 29 11:55:54 2022] POST /api/v2/import-scan/ => generated 59 bytes in 54 msecs (HTTP/1.1 500) 7 headers in 212 bytes (1 switches on core 1)

* Fix to make the previous fix shorter.

Co-authored-by: Daniel Velardez <dvelardez@afip.gob.ar>

* added option to add labels using podLabels: {}

* Bump django from 3.2.15 to 3.2.16 (#6938)

Bumps [django](https://github.com/django/django) from 3.2.15 to 3.2.16.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/3.2.15...3.2.16)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* SonarQube API Importer: Add sonarcloud global org id, code clean up (#6928)

* SonarQube API Importer: Add sonarcloud global org id, code clean up

* Fix Flake8

* Add clause for non entered extras

* Jira Webhook: Catch missing assignee field + code cleanup (#6929)

* Add validation error when users attempt to send email without valid SMTP server (#6930)

* Add validation error when users attempt send email without valid SMTP server

* Be sure to close connection after opening it

* Update views.py

* TruffleHog: Add v3 support to original trufflehog parser (#6937)

* TruffleHog: Add v3 support to originaly trufflehog parser

* Remove extra printing

* Flake8

* Update versions in application files

* Add upgrade notes for 2.15.0

* Update versions in application files

* Make doc update action only apply when docs are updated

* Rev node version for gh-pages deploy

* Update rabbitmq:3.11.0-alpine Docker digest from 3.11.0 to 3.11.0-alpine (docker-compose.yml) (#6936)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump pytz from 2022.2.1 to 2022.4 (#6934)

Bumps [pytz](https://github.com/stub42/pytz) from 2022.2.1 to 2022.4.
- [Release notes](https://github.com/stub42/pytz/releases)
- [Commits](https://github.com/stub42/pytz/commits)

---
updated-dependencies:
- dependency-name: pytz
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Make version optional for cyclonedx (#6950)

* Update tj-actions/changed-files action from v31 to v32 (.github/workflows/submodule-update.yml) (#6949)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump google-api-python-client from 2.63.0 to 2.64.0 (#6946)

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.63.0 to 2.64.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.63.0...v2.64.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Parse state, cwe and createdAt in the GitHub parser (#6945)

* Update styfle/cancel-workflow-action action from 0.10.0 to v0.10.1 (.github/workflows/cancel-outdated-workflow-runs.yml) (#6927)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update redis:7.0.5-alpine Docker digest from 7.0.5 to 7.0.5-alpine (docker-compose.yml) (#6953)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Rev actions to latest ubuntu version per https://github.com/actions/runner-images/issues/6002 (#6931)

* Helm Chart: Create PVC as part of the Chart (#6271)

* Create PVC as part of the Chart

* Allow creating pvc or disabling it

* Set pvc creation to false as default

* Remove trailing spaces

* Modify storage access mode and size

* Update KUBERNETES.md to reflect storage accessMode

* Fix linting issue

* Modify pvc documentation in KUBERNETES.md

* Bump psycopg2-binary from 2.9.3 to 2.9.4 (#6958)

Bumps [psycopg2-binary](https://github.com/psycopg/psycopg2) from 2.9.3 to 2.9.4.
- [Release notes](https://github.com/psycopg/psycopg2/releases)
- [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS)
- [Commits](https://github.com/psycopg/psycopg2/commits)

---
updated-dependencies:
- dependency-name: psycopg2-binary
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump gitpython from 3.1.27 to 3.1.28 (#6957)

Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.27 to 3.1.28.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](https://github.com/gitpython-developers/GitPython/compare/3.1.27...3.1.28)

---
updated-dependencies:
- dependency-name: gitpython
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [Fix] API - Tool Product Settings (#6170) (#6904)

* Made the product editable on Tool_Product_Settings

* Reverted the model change and modified the Tool_Product_Settings serializer to support specifying the product.

* dojo: tool: introduce NeuVector compliance scans import support (#6947)

This commit makes DefectDojo to support compliance scans performed by
NeuVector. Such scan results can only be fetched via REST API using
endpoints like /v1/scan/workload/{id} and /v1/host/{id}/compliance. The
latter one returns the results in a slightly different format. Both of
them are supported.

* Bump nginx from `082f8c1` to `b87c350` (#6961)

Bumps nginx from `082f8c1` to `b87c350`.

---
updated-dependencies:
- dependency-name: nginx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pdfmake from 0.2.5 to 0.2.6 in /components (#6960)

Bumps [pdfmake](https://github.com/bpampuch/pdfmake) from 0.2.5 to 0.2.6.
- [Release notes](https://github.com/bpampuch/pdfmake/releases)
- [Changelog](https://github.com/bpampuch/pdfmake/blob/0.2.6/CHANGELOG.md)
- [Commits](https://github.com/bpampuch/pdfmake/compare/0.2.5...0.2.6)

---
updated-dependencies:
- dependency-name: pdfmake
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* dojo: jira_link: improve error reporting when fetching Jira metadata (#6962)

The get_jira_meta() function did not check whether jira.createmeta() raises an
exception. If an exception was raised, it was not logged at all; the logs
contained only the "invalid JIRA Project Config.." message in the DEBUG stream.

This commit stores an error triggered by jira.createmeta() in the logs and displays
it to the user. The commit also slightly improves quote formatting for the
debug-level error message.

* Add the ability to specify the Epic name and priority in JIRA (#6768)

* Update stefanzweifel/git-auto-commit-action action from v4.15.0 to v4.15.1 (.github/workflows/release-3-master-into-dev.yml) (#6964)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Use DEDUPE_ALGO_HASH_CODE for Acunetix360 (#6968)

* Update mysql Docker tag from 5.7.39 to v5.7.40 (docker-compose.yml) (#6969)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update versions in application files

* Fixed 500 error for GitHub finding links (#6981)

* Typo on auto_create_context (#6291)

* Fixed 500 error for GitHub finding links

Co-authored-by: Bastian Hodapp <bastianhodapp@gmail.com>

* Update versions in application files

* Add Rubocop to parser documentation (#6978)

* Update styfle/cancel-workflow-action action from 0.10.1 to v0.11.0 (.github/workflows/cancel-outdated-workflow-runs.yml) (#6977)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency postcss from 8.4.17 to v8.4.18 (docs/package.json) (#6979)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump cryptography from 38.0.1 to 38.0.2 (#6976)

Bumps [cryptography](https://github.com/pyca/cryptography) from 38.0.1 to 38.0.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/38.0.1...38.0.2)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pygithub from 1.55 to 1.56 (#6986)

Bumps [pygithub](https://github.com/pygithub/pygithub) from 1.55 to 1.56.
- [Release notes](https://github.com/pygithub/pygithub/releases)
- [Changelog](https://github.com/PyGithub/PyGithub/blob/master/doc/changes.rst)
- [Commits](https://github.com/pygithub/pygithub/compare/v1.55...v1.56)

---
updated-dependencies:
- dependency-name: pygithub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update postgres:14.5-alpine Docker digest from 14.5 to 14.5-alpine (docker-compose.yml) (#6952)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Fix errors with risk acceptance filter (#6984)

* Fix issues with Bugcrowd API parser not marking not_applicable/not_reproducible as inactive (#6974)

* Update rabbitmq:3.11.0-alpine Docker digest from 3.11.0 to v (docker-compose.yml) (#6988)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update rabbitmq Docker tag from 3.11.0 to v3.11.1 (docker-compose.yml) (#6989)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump packageurl-python from 0.10.3 to 0.10.4 (#6997)

Bumps [packageurl-python](https://github.com/package-url/packageurl-python) from 0.10.3 to 0.10.4.
- [Release notes](https://github.com/package-url/packageurl-python/releases)
- [Changelog](https://github.com/package-url/packageurl-python/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/package-url/packageurl-python/compare/v0.10.3...v0.10.4)

---
updated-dependencies:
- dependency-name: packageurl-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump sqlalchemy from 1.4.41 to 1.4.42 (#6996)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.41 to 1.4.42.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update rabbitmq:3.11.1-alpine Docker digest from 3.11.1 to 3.11.1-alpine (docker-compose.yml) (#6993)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update release-drafter/release-drafter action from v5.21.0 to v5.21.1 (.github/workflows/release-drafter.yml) (#7000)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Parse Veracode library_id for SCA to get the maven component name (#6995)

* Enable filtering Findings on steps_to_reproduce (#6970)

* Bump python from 3.8.14-slim-bullseye to 3.8.15-slim-bullseye (#6998)

Bumps python from 3.8.14-slim-bullseye to 3.8.15-slim-bullseye.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update asset and findings retrieval for Cobalt API parser (#7005)

Update the Cobalt API parser's `CobaltAPI` client to fetch the maximum
allowed number of findings and assets.

* Update tj-actions/changed-files action from v32 to v33 (.github/workflows/submodule-update.yml) (#7014)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update rabbitmq Docker tag from 3.11.1 to v3.11.2 (docker-compose.yml) (#7008)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* [FIX] Issues on disconnection and connection using Social Auth (#6066)

* [FIX] Issues on disconnection and connection using OAuth

Fix two issues:
    - When disconnecting using OAuth and "SHOW_LOGIN_FORM = False", as the return URL is not /login and does not contain a next parameter, an error 500 is triggered.
    - When connecting using OAuth and "SHOW_LOGIN_FORM = False", the message "You have logged out" is displayed after logging in.

* Fixing Flake8 issues

* Update package.json

* Update __init__.py

* Update views.py

* Update pipeline.py

* Update Chart.yaml

* Update __init__.py

* Update views.py

* Update pipeline.py

* Update pipeline.py

* Update pipeline.py

* Fix out of SLA time (#7017)

* Add a HTML link in the references back to the Bugcrowd finding (#7018)

* Bump boto3 from 1.24.55 to 1.25.0 (#7022)

Bumps [boto3](https://github.com/boto/boto3) from 1.24.55 to 1.25.0.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.24.55...1.25.0)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update tj-actions/changed-files action from v33 to v34 (.github/workflows/submodule-update.yml) (#7026)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.32.0 to v1.33.0 (helm/defectdojo/values.yaml) (#7025)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump uwsgi from 2.0.20 to 2.0.21 (#7023)

Bumps [uwsgi](https://github.com/unbit/uwsgi-docs) from 2.0.20 to 2.0.21.
- [Release notes](https://github.com/unbit/uwsgi-docs/releases)
- [Commits](https://github.com/unbit/uwsgi-docs/commits)

---
updated-dependencies:
- dependency-name: uwsgi
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update postgres:14.5-alpine Docker digest from 14.5 to v (docker-compose.yml) (#7024)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump google-auth-oauthlib from 0.5.3 to 0.6.0 (#7021)

Bumps [google-auth-oauthlib](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib) from 0.5.3 to 0.6.0.
- [Release notes](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib/releases)
- [Changelog](https://github.com/googleapis/google-auth-library-python-oauthlib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib/compare/v0.5.3...v0.6.0)

---
updated-dependencies:
- dependency-name: google-auth-oauthlib
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update rabbitmq:3.11.2-alpine Docker digest from 3.11.2 to 3.11.2-alpine (docker-compose.yml) (#7020)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump nginx from 1.23.1-alpine to 1.23.2-alpine (#7019)

Bumps nginx from 1.23.1-alpine to 1.23.2-alpine.

---
updated-dependencies:
- dependency-name: nginx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update stefanzweifel/git-auto-commit-action action from v4.15.1 to v4.15.2 (.github/workflows/release-3-master-into-dev.yml) (#7016)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Add support for ZAP "XML with requests and responses" format (#7013)

* Support ZAP XML with requests and responses

Signed-off-by: Max Maass <max.maass@iteratec.com>

* Update ZAP parser with final XMLplus format

Signed-off-by: Max Maass <max.maass@iteratec.com>

* Update ZAP parser docs

Signed-off-by: Max Maass <max.maass@iteratec.com>

Signed-off-by: Max Maass <max.maass@iteratec.com>

* Bump pyjwt from 2.5.0 to 2.6.0 (#7010)

Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/jpadilla/pyjwt/commits)

---
updated-dependencies:
- dependency-name: pyjwt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update mysql:5.7.40 Docker digest from 5.7.40 to v (docker-compose.yml) (#7007)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump pytz from 2022.4 to 2022.5 (#7003)

Bumps [pytz](https://github.com/stub42/pytz) from 2022.4 to 2022.5.
- [Release notes](https://github.com/stub42/pytz/releases)
- [Commits](https://github.com/stub42/pytz/compare/release_2022.4...release_2022.5)

---
updated-dependencies:
- dependency-name: pytz
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Don't save vulnerability Ids on a re-import if they're already defined for the finding (#7012)

* Bump gitpython from 3.1.28 to 3.1.29 (#6966)

Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.28 to 3.1.29.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](https://github.com/gitpython-developers/GitPython/compare/3.1.28...3.1.29)

---
updated-dependencies:
- dependency-name: gitpython
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add the ability to only create finding groups when you have more than one finding in the group (#6916)

* Bump google-auth from 2.12.0 to 2.13.0 (#7004)

Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.12.0 to 2.13.0.
- [Release notes](https://github.com/googleapis/google-auth-library-python/releases)
- [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-auth-library-python/compare/v2.12.0...v2.13.0)

---
updated-dependencies:
- dependency-name: google-auth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update postgres Docker tag from 14.5 to v15 (docker-compose.yml) (#6994)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump google-api-python-client from 2.64.0 to 2.65.0 (#7006)

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.64.0 to 2.65.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.64.0...v2.65.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Endpoint_Status: Optimize DB (remove redundancy) (#6193)

* Endpoint_Status: Optimize DB (remove redundancy)

* small changes in comments

* Fix importers, add TODOs

* Fix migrations - rebase

* Fix fixtures

* add findings to Endpoint

* consolidate models.py

* fix alternative names for endpoint_status

diff --git a/dojo/api_v2/views.py b/dojo/api_v2/views.py
index 592b6bb16..83c5fc5bc 100644
--- a/dojo/api_v2/views.py
+++ b/dojo/api_v2/views.py
@@ -507,7 +507,7 @@ class FindingViewSet(prefetch.PrefetchListMixin,
                                                     'finding_group_set',
                                                     'files',
                                                     'burprawrequestresponse_set',
-                                                    'endpoint_status',
+                                                    'status_finding',
                                                     'finding_meta',
                                                     'test__test_type',
                                                     'test__engagement',
@@ -1757,7 +1757,7 @@ class TestImportViewSet(prefetch.PrefetchListMixin,
                                         'test_import_finding_action_set',
                                         'findings_affected',
                                         'findings_affected__endpoints',
-                                        'findings_affected__endpoint_status',
+                                        'findings_affected__status_finding',
                                         'findings_affected__finding_meta',
                                         'findings_affected__jira_issue',
                                         'findings_affected__burprawrequestresponse_set',
diff --git a/dojo/endpoint/views.py b/dojo/endpoint/views.py
index 4bfb0805e..dd239751a 100644
--- a/dojo/endpoint/views.py
+++ b/dojo/endpoint/views.py
@@ -32,10 +32,17 @@ logger = logging.getLogger(__name__)
 def process_endpoints_view(request, host_view=False, vulnerable=False):

     if vulnerable:
-        endpoints = Endpoint.objects.filter(finding__active=True, findi…
@kiblik kiblik mentioned this pull request Nov 15, 2022
kiblik added a commit to kiblik/django-DefectDojo that referenced this pull request Nov 15, 2022
Labels
apiv2 New Migration Adding a new migration file. Take care when merging. parser ui unittests