Merge branch 'bugfix' into movingparserdocs

Author: paulOsinski

docs/content/en/connecting_your_tools/connectors/connectors_tool_reference.md

@@ -172,6 +172,8 @@ The SonarQube Connector can fetch data from either a SonarCloud account or from
 1. Enter the base url of your SonarQube instance in the Location field: for example `https://my.sonarqube.com/`
 2. Enter a valid **API key** in the Secret field. This will need to be a **[User](https://docs.sonarsource.com/sonarqube/latest/user-guide/user-account/generating-and-using-tokens/)** [API Token Type](https://docs.sonarsource.com/sonarqube/latest/user-guide/user-account/generating-and-using-tokens/).
 
+The token will need to have access to Projects, Vulnerabilities and Hotspots within Sonar.
+
 API tokens can be found and generated via **My Account \-\> Security \-\> Generate Token** in the SonarQube app. For more information, [see SonarQube documentation](https://docs.sonarsource.com/sonarqube/latest/user-guide/user-account/generating-and-using-tokens/).
 
 ## **Snyk**
@@ -187,7 +189,7 @@ See the [Snyk API documentation](https://docs.snyk.io/snyk-api) for more info.
 
 ## Tenable
 
-The Tenable connector uses the **Tenable.io** REST API to fetch data.
+The Tenable connector uses the **Tenable.io** REST API to fetch data.  Currently, only vulnerability scans are imported - Web App Scans cannot be imported with the Connector.
 
 On\-premise Tenable Connectors are not available at this time.
 

docs/content/en/share_your_findings/integrations.md

@@ -9,7 +9,7 @@ Supported Integrations:
 - [Azure Devops](/en/share_your_findings/integrations_toolreference/#azure-devops-boards)
 - [GitHub](/en/share_your_findings/integrations_toolreference/#github)
 - [GitLab Boards](/en/share_your_findings/integrations_toolreference/#gitlab)
-- ServiceNow (Coming Soon)
+- [ServiceNow](/en/share_your_findings/integrations_toolreference/#servicenow)
 
 ## Opening the Integrations page
 

docs/content/en/share_your_findings/integrations_toolreference.md

@@ -1,6 +1,6 @@
 ---
 title: "Integrators Tool Reference"
-description: "Beta Feature"
+description: "Detailed setup guides for Integrators"
 weight: 1
 ---
 
@@ -101,7 +101,7 @@ The GitLab integration allows you to add issues to a [GitLab Project](https://do
 
 ### Issue Tracker Mapping
 
-- **Project Name**: The name of the project in GitLab that you want to send issues to
+- **Project Name**: The name of the project in GitLab that you want to send issues to.
 
 ### Severity Mapping Details
 
@@ -122,3 +122,62 @@ By default, GitLab has statuses of 'opened' and 'closed'.  Additional status lab
 - **Closed Mapping**: `closed`
 - **False Positive Mapping**: `closed`
 - **Risk Accepted Mapping**: `closed`
+
+## ServiceNow
+
+The ServiceNow Integration allows you to push DefectDojo Findings as ServiceNow Incidents.
+
+### Instance Setup
+
+Your ServiceNow instance will require you to obtain a Refresh Token, associated with the User or Service account that will push Incidents to ServiceNow.
+
+You'll need to start by creating an OAuth registration on your ServiceNow instance for DefectDojo:
+
+1. In the left-hand navigation bar, search for “Application Registry” and select it.
+2. Click “New”.
+3. Choose “Create an OAuth API endpoint for external clients”.
+4. Fill in the required fields:
+    * Name: Provide a meaningful name for your application (e.g., Vulnerability Integration Client).
+    * (Optional) Adjust the Token Lifespan:
+    * Access Token Lifespan: Default is 1800 seconds (30 minutes).
+    * Refresh Token Lifespan: The default is 8640000 seconds (approximately 100 days).
+5. Click Submit to create the application record.
+6. After submission, select the application from the list and take note of the **Client ID and Client Secret** fields.
+
+You will then need to use this registration to obtain a Refresh Token, which can only be obtained through the ServiceNow API.  Open a terminal window and paste the following (substituting the variables wrapped in `{{}}` with your user's actual information)
+
+```
+curl --request POST \
+ --url {{INSTANCE_HOST}}/oauth_token.do \
+ --header 'content-type: application/x-www-form-urlencoded' \
+ --data grant_type=password \
+ --data 'client_id={{CLIENT_ID}}' \
+ --data 'client_secret={{CLIENT_SECRET}}' \
+ --data 'username={{USERNAME}}' \
+ --data 'password={{PASSWORD}}'
+ ```
+
+If your ServiceNow credentials are correct, and allow for admin level-access to ServiceNow, you should receive a response with a RefreshToken.  You'll need that token to complete integration with DefectDojo.
+
+- **Instance Label** should be the label that you want to use to identify this integration.
+- **Location** should be set to the URL for your ServiceNow server, for example `https://your-organization.service-now.com/`.
+- **Refresh Token** is where the Refresh Token should be entered.
+- **Client ID** should be the Client ID set in the OAuth App Registration.
+- **Client ID** should be the Client Secret set in the OAuth App Registration.
+
+### Severity Mapping Details
+
+This maps to the ServiceNow Impact field.
+- **Info Mapping**: `1`
+- **Low Mapping**: `1`
+- **Medium Mapping**: `2`
+- **High Mapping**: `3`
+- **Critical Mapping**: `3`
+
+### Status Mapping Details
+
+- **Status Field Name**: `State`
+- **Active Mapping**: `New`
+- **Closed Mapping**: `Closed`
+- **False Positive Mapping**: `Resolved`
+- **Risk Accepted Mapping**: `Resolved`

docs/package-lock.json

@@ -16,18 +16,18 @@
     "preview": "vite preview --outDir public"
   },
   "dependencies": {
-    "@docsearch/css": "^4.2.0",
-    "@docsearch/js": "^4.2.0",
-    "@tabler/icons": "^3.34.1",
-    "@thulite/doks-core": "^1.8.3",
-    "@thulite/images": "^3.3.1",
-    "@thulite/inline-svg": "^1.2.0",
-    "@thulite/seo": "^2.4.1",
-    "thulite": "^2.6.3"
+    "@docsearch/css": "4.2.0",
+    "@docsearch/js": "4.2.0",
+    "@tabler/icons": "3.35.0",
+    "@thulite/doks-core": "1.8.3",
+    "@thulite/images": "3.3.3",
+    "@thulite/inline-svg": "1.2.1",
+    "@thulite/seo": "2.4.2",
+    "thulite": "2.6.3"
   },
   "devDependencies": {
-    "prettier": "^3.6.2",
-    "vite": "^7.0.6"
+    "prettier": "3.6.2",
+    "vite": "7.1.11"
   },
   "engines": {
     "node": ">=20.11.0"

docs/package.json

@@ -933,6 +933,8 @@ def close(self, request, pk=None):
                 context={"request": request},
             )
             if finding_close.is_valid():
+                # Remove the prefetched tags to avoid issues with delegating to celery
+                finding.tags._remove_prefetched_objects()
                 # Use shared helper to perform close operations
                 finding_helper.close_finding(
                     finding=finding,

dojo/api_v2/views.py

@@ -6,13 +6,18 @@
 from urllib.parse import quote
 
 import pghistory.middleware
+import requests
 from auditlog.context import set_actor
 from auditlog.middleware import AuditlogMiddleware as _AuditlogMiddleware
 from django.conf import settings
+from django.contrib import messages
 from django.db import models
 from django.http import HttpResponseRedirect
+from django.shortcuts import redirect
 from django.urls import reverse
 from django.utils.functional import SimpleLazyObject
+from social_core.exceptions import AuthCanceled, AuthFailed, AuthForbidden
+from social_django.middleware import SocialAuthExceptionMiddleware
 from watson.middleware import SearchContextMiddleware
 from watson.search import search_context_manager
 
@@ -75,6 +80,23 @@ def __call__(self, request):
         return self.get_response(request)
 
 
+class CustomSocialAuthExceptionMiddleware(SocialAuthExceptionMiddleware):
+    def process_exception(self, request, exception):
+        if isinstance(exception, requests.exceptions.RequestException):
+            messages.error(request, "Please use the standard login below.")
+            return redirect("/login?force_login_form")
+        if isinstance(exception, AuthCanceled):
+            messages.warning(request, "Social login was canceled. Please try again or use the standard login.")
+            return redirect("/login?force_login_form")
+        if isinstance(exception, AuthFailed):
+            messages.error(request, "Social login failed. Please try again or use the standard login.")
+            return redirect("/login?force_login_form")
+        if isinstance(exception, AuthForbidden):
+            messages.error(request, "You are not authorized to log in via this method. Please contact support or use the standard login.")
+            return redirect("/login?force_login_form")
+        return super().process_exception(request, exception)
+
+
 class DojoSytemSettingsMiddleware:
     _thread_local = local()
 

dojo/middleware.py

@@ -627,6 +627,10 @@ def __init__(self, *args: list, **kwargs: dict) -> None:
     def create_notification(self, event: str | None = None, **kwargs: dict) -> None:
         # Process the notifications for a given list of recipients
         if kwargs.get("recipients") is not None:
+            recipients = kwargs.get("recipients", [])
+            if not recipients:
+                logger.debug("No recipients provided for event: %s", event)
+                return
             self._process_recipients(event=event, **kwargs)
         else:
             logger.debug("creating system notifications for event: %s", event)

dojo/notifications/helper.py

@@ -936,7 +936,7 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
     "dojo.middleware.LoginRequiredMiddleware",
     "dojo.middleware.AdditionalHeaderMiddleware",
-    "social_django.middleware.SocialAuthExceptionMiddleware",
+    "dojo.middleware.CustomSocialAuthExceptionMiddleware",
     "crum.CurrentRequestUserMiddleware",
     "dojo.middleware.AuditlogMiddleware",
     "dojo.middleware.AsyncSearchContextMiddleware",

dojo/settings/settings.dist.py

@@ -25,6 +25,19 @@ def parse_findings(self, test, data):
                 agent_ip = item.get("agent_ip")
                 detection_time = item.get("detection_time").split("T")[0]
 
+                # Map Wazuh severity to its equivalent in DefectDojo
+                SEVERITY_MAP = {
+                    "Critical": "Critical",
+                    "High": "High",
+                    "Medium": "Medium",
+                    "Low": "Low",
+                    "Info": "Info",
+                    "Informational": "Info",
+                    "Untriaged": "Info",
+                }
+                # Get DefectDojo severity and default to "Info" if severity is not in the mapping
+                severity = SEVERITY_MAP.get(severity, "Info")
+
                 references = "\n".join(links) if links else None
 
                 title = (