Merge pull request #10571 from DefectDojo/release/2.36.3

Release: Merge release into master from: release/2.36.3

Author: Maffooch

.flake8

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.36.2",
+  "version": "2.36.3",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

components/package.json

@@ -22,6 +22,11 @@ python3 manage.py check
 
 DD_UWSGI_LOGFORMAT_DEFAULT='[pid: %(pid)|app: -|req: -/-] %(addr) (%(dd_user)) {%(vars) vars in %(pktsize) bytes} [%(ctime)] %(method) %(uri) => generated %(rsize) bytes in %(msecs) msecs (%(proto) %(status)) %(headers) headers in %(hsize) bytes (%(switches) switches on core %(core))'
 
+EXTRA_ARGS=""
+if [ -n "${DD_UWSGI_MAX_FD}" ]; then
+    EXTRA_ARGS="${EXTRA_ARGS} --max-fd ${DD_UWSGI_MAX_FD}"
+fi
+
 exec uwsgi \
   "--${DD_UWSGI_MODE}" "${DD_UWSGI_ENDPOINT}" \
   --protocol uwsgi \
@@ -31,5 +36,6 @@ exec uwsgi \
   --wsgi dojo.wsgi:application \
   --buffer-size="${DD_UWSGI_BUFFER_SIZE:-8192}" \
   --http 0.0.0.0:8081 --http-to "${DD_UWSGI_ENDPOINT}" \
-  --logformat "${DD_UWSGI_LOGFORMAT:-$DD_UWSGI_LOGFORMAT_DEFAULT}"
+  --logformat "${DD_UWSGI_LOGFORMAT:-$DD_UWSGI_LOGFORMAT_DEFAULT}" \
+  $EXTRA_ARGS
   # HTTP endpoint is enabled for Kubernetes liveness checks. It should not be exposed as a service.

docker/entrypoint-uwsgi.sh

@@ -540,7 +540,7 @@ Custom reports, generated with the Report Builder, allow you to select specific
 5.  Vulnerable Endpoints
 6.  Page Breaks
 
-DefectDojo's reports can be generated in HTML and AsciiDoc.
+DefectDojo's reports can be generated in HTML.
 
 ## Metrics
 

docs/content/en/usage/features.md

@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa: F401
 
-__version__ = '2.36.2'
+__version__ = '2.36.3'
 __url__ = 'https://github.com/DefectDojo/django-DefectDojo'
 __docs__ = 'https://documentation.defectdojo.com'

dojo/__init__.py

@@ -2951,6 +2951,7 @@ class Meta:
     def validate(self, data):
         user = None
         product = None
+        template = False
 
         if self.instance is not None:
             user = self.instance.user
@@ -2960,25 +2961,26 @@ def validate(self, data):
             user = data.get("user")
         if "product" in data:
             product = data.get("product")
+        if "template" in data:
+            template = data.get("template")
 
+        if (
+            template
+            and Notifications.objects.filter(template=True).count() > 0
+        ):
+            msg = "Notification template already exists"
+            raise ValidationError(msg)
         if (
             self.instance is None
             or user != self.instance.user
             or product != self.instance.product
         ):
             notifications = Notifications.objects.filter(
-                user=user, product=product, template=False
+                user=user, product=product, template=template
             ).count()
             if notifications > 0:
                 msg = "Notification for user and product already exists"
                 raise ValidationError(msg)
-        if (
-            data.get("template")
-            and Notifications.objects.filter(template=True).count() > 0
-        ):
-            msg = "Notification template already exists"
-            raise ValidationError(msg)
-
         return data
 
 

dojo/api_v2/serializers.py

@@ -79,6 +79,8 @@ def endpoint_get_or_create(**kwargs):
         count = qs.count()
         if count == 0:
             return Endpoint.objects.get_or_create(**kwargs)
+        elif count == 1:
+            return qs.order_by("id").first(), False
         else:
             logger.warning(
                 f"Endpoints in your database are broken. "

dojo/endpoint/utils.py

@@ -28,6 +28,7 @@
     calculate_grade,
     get_page_items,
     get_period_counts,
+    get_setting,
     get_system_setting,
     is_scan_file_too_large,
     redirect,
@@ -223,9 +224,12 @@ def delete_endpoint(request, eid):
                                      extra_tags='alert-success')
                 return HttpResponseRedirect(reverse('view_product', args=(product.id,)))
 
-    collector = NestedObjects(using=DEFAULT_DB_ALIAS)
-    collector.collect([endpoint])
-    rels = collector.nested()
+    rels = ["Previewing the relationships has been disabled.", ""]
+    display_preview = get_setting("DELETE_PREVIEW")
+    if display_preview:
+        collector = NestedObjects(using=DEFAULT_DB_ALIAS)
+        collector.collect([endpoint])
+        rels = collector.nested()
 
     product_tab = Product_Tab(endpoint.product, "Delete Endpoint", tab="endpoints")
 

dojo/endpoint/views.py

@@ -2756,6 +2756,7 @@ def finding_bulk_update_all(request, pid=None):
                     )
 
                 finds = prefetch_for_findings(finds)
+                note = None
                 if form.cleaned_data["severity"] or form.cleaned_data["status"]:
                     for find in finds:
                         old_find = copy.deepcopy(find)
@@ -3083,6 +3084,8 @@ def finding_bulk_update_all(request, pid=None):
                                 "pushing to jira from finding.finding_bulk_update_all()"
                             )
                             jira_helper.push_to_jira(finding)
+                            if note is not None and isinstance(note, Notes):
+                                jira_helper.add_comment(finding, note)
                             success_count += 1
 
                 for error_message, error_count in error_counts.items():

dojo/finding/views.py

@@ -16,7 +16,7 @@
 from dojo.finding.views import prefetch_for_findings
 from dojo.forms import DeleteFindingGroupForm, EditFindingGroupForm, FindingBulkUpdateForm
 from dojo.models import Engagement, Finding, Finding_Group, GITHUB_PKey, Product
-from dojo.utils import Product_Tab, add_breadcrumb, get_page_items, get_system_setting, get_words_for_field
+from dojo.utils import Product_Tab, add_breadcrumb, get_page_items, get_setting, get_system_setting, get_words_for_field
 
 logger = logging.getLogger(__name__)
 
@@ -121,9 +121,12 @@ def delete_finding_group(request, fgid):
                                      extra_tags='alert-success')
                 return HttpResponseRedirect(reverse('view_test', args=(finding_group.test.id,)))
 
-    collector = NestedObjects(using=DEFAULT_DB_ALIAS)
-    collector.collect([finding_group])
-    rels = collector.nested()
+    rels = ["Previewing the relationships has been disabled.", ""]
+    display_preview = get_setting("DELETE_PREVIEW")
+    if display_preview:
+        collector = NestedObjects(using=DEFAULT_DB_ALIAS)
+        collector.collect([finding_group])
+        rels = collector.nested()
     product_tab = Product_Tab(finding_group.test.engagement.product, title="Product", tab="settings")
 
     return render(request, 'dojo/delete_finding_group.html', {