
Commit 8753b2b

authored
Merge pull request #10963 from DefectDojo/release/2.38.4
Release: Merge release into master from: release/2.38.4
2 parents bc33ee5 + fef200a commit 8753b2b

11 files changed

Lines changed: 154 additions & 17 deletions


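--- a/components/package.json
+++ b/components/package.json
@@ -1,6 +1,6 @@
 {
 "name": "defectdojo",
-"version": "2.38.3",
+"version": "2.38.4",
 "license" : "BSD-3-Clause",
 "private": true,
 "dependencies": {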

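--- a/dojo/__init__.py
+++ b/dojo/__init__.py
@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app # noqa: F401
 
-__version__ = "2.38.3"
+__version__ = "2.38.4"
 __url__ = "https://github.com/DefectDojo/django-DefectDojo"
 __docs__ = "https://documentation.defectdojo.com"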

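--- a/dojo/api_v2/serializers.py
+++ b/dojo/api_v2/serializers.py
@@ -553,7 +553,7 @@ def validate(self, data):
 if self.context["request"].method in ["PATCH", "PUT"] and "password" in data:
 msg = "Update of password though API is not allowed"
 raise ValidationError(msg)
-if self.context["request"].method == "POST" and "password" not in data:
+if self.context["request"].method == "POST" and "password" not in data and settings.REQUIRE_PASSWORD_ON_USER:
 msg = "Passwords must be supplied for new users"
 raise ValidationError(msg)
 else: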
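Review bot: With `settings.REQUIRE_PASSWORD_ON_USER` set to False, the new condition on line 556 lets a POST create a user without any password, but the hunk does not show how that account is then persisted; the create path should store an unusable password (`user.set_unusable_password()`) rather than an empty or None value, so the account can only authenticate through an external provider — please confirm in `create()`. The hunk also does not show `settings` being imported in this module. A one-line comment above the check would make the intent explicit: `# Password may be omitted on create only when REQUIRE_PASSWORD_ON_USER is off (external auth); PATCH/PUT never accept one.` validate()'s body continues outside the hunk.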

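--- a/dojo/api_v2/views.py
+++ b/dojo/api_v2/views.py
@@ -298,6 +298,7 @@ def get_queryset(self):
 
 # Authorization: object-based
 # @extend_schema_view(**schema_with_prefetch())
+# Nested models with prefetch make the response schema too long for Swagger UI
 class EndPointViewSet(
 PrefetchDojoModelViewSet,
 ):
@@ -353,7 +354,8 @@ def generate_report(self, request, pk=None):
 
 
 # Authorization: object-based
-@extend_schema_view(**schema_with_prefetch())
+# @extend_schema_view(**schema_with_prefetch())
+# Nested models with prefetch make the response schema too long for Swagger UI
 class EndpointStatusViewSet(
 PrefetchDojoModelViewSet,
 ):
@@ -382,7 +384,8 @@ def get_queryset(self):
 
 
 # Authorization: object-based
-@extend_schema_view(**schema_with_prefetch())
+# @extend_schema_view(**schema_with_prefetch())
+# Nested models with prefetch make the response schema too long for Swagger UI
 class EngagementViewSet(
 PrefetchDojoModelViewSet,
 ra_api.AcceptedRisksMixin,
@@ -636,7 +639,8 @@ def download_file(self, request, file_id, pk=None):
 return generate_file_response(file_object)
 
 
-@extend_schema_view(**schema_with_prefetch())
+# @extend_schema_view(**schema_with_prefetch())
+# Nested models with prefetch make the response schema too long for Swagger UI
 class RiskAcceptanceViewSet(
 PrefetchDojoModelViewSet,
 ):
@@ -735,7 +739,8 @@ def get_queryset(self):
 
 
 # Authorization: configuration
-@extend_schema_view(**schema_with_prefetch())
+# @extend_schema_view(**schema_with_prefetch())
+# Nested models with prefetch make the response schema too long for Swagger UI
 class CredentialsMappingViewSet(
 PrefetchDojoModelViewSet,
 ):
@@ -1475,7 +1480,8 @@ def get_queryset(self):
 
 
 # Authorization: object-based
-@extend_schema_view(**schema_with_prefetch())
+# @extend_schema_view(**schema_with_prefetch())
+# Nested models with prefetch make the response schema too long for Swagger UI
 class JiraIssuesViewSet(
 PrefetchDojoModelViewSet,
 ):
@@ -1591,7 +1597,8 @@ def get_queryset(self):
 
 
 # Authorization: object-based
-@extend_schema_view(**schema_with_prefetch())
+# @extend_schema_view(**schema_with_prefetch())
+# Nested models with prefetch make the response schema too long for Swagger UI
 class DojoMetaViewSet(
 PrefetchDojoModelViewSet,
 ):
@@ -1902,7 +1909,8 @@ def partial_update(self, request, pk=None):
 
 
 # Authorization: object-based
-@extend_schema_view(**schema_with_prefetch())
+# @extend_schema_view(**schema_with_prefetch())
+# Nested models with prefetch make the response schema too long for Swagger UI
 class StubFindingsViewSet(
 PrefetchDojoModelViewSet,
 ):
@@ -1941,7 +1949,8 @@ def get_queryset(self):
 
 
 # Authorization: object-based
-@extend_schema_view(**schema_with_prefetch())
+# @extend_schema_view(**schema_with_prefetch())
+# Nested models with prefetch make the response schema too long for Swagger UI
 class TestsViewSet(
 PrefetchDojoModelViewSet,
 ra_api.AcceptedRisksMixin,
@@ -2149,7 +2158,8 @@ def get_queryset(self):
 return Test_Type.objects.all().order_by("id")
 
 
-@extend_schema_view(**schema_with_prefetch())
+# @extend_schema_view(**schema_with_prefetch())
+# Nested models with prefetch make the response schema too long for Swagger UI
 class TestImportViewSet(
 PrefetchDojoModelViewSet,
 ):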
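Review bot: Ten view sets now carry a commented-out `@extend_schema_view(**schema_with_prefetch())` line beside the same explanatory comment; commented-out code drifts out of sync, so either delete the decorator line and keep only the explanation, or keep a single `# TODO(issue-<PLACEHOLDER>): re-enable schema_with_prefetch once the generated schema is small enough for Swagger UI` at the first occurrence and refer to it from the others. The EndPointViewSet hunk at old line 300 already had the decorator disabled and only gains the comment, which suggests the explanation belongs in the docstring of `schema_with_prefetch` itself rather than being repeated per view set. Removing the decorator presumably drops the prefetch query parameters from the generated OpenAPI document — if so, a changelog or API-docs note for clients that rely on the schema would be appropriate.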

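--- a/dojo/forms.py
+++ b/dojo/forms.py
@@ -2170,7 +2170,7 @@ def clean(self):
 class AddDojoUserForm(forms.ModelForm):
 email = forms.EmailField(required=True)
 password = forms.CharField(widget=forms.PasswordInput,
-required=True,
+required=settings.REQUIRE_PASSWORD_ON_USER,
 validators=[validate_password],
 help_text="")
 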
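Review bot: `required=settings.REQUIRE_PASSWORD_ON_USER` on line 2173 is evaluated once when the form class is defined, so the field's required state is frozen at import time and a setting changed afterwards (for example via `override_settings` in tests) has no effect; if it should follow the live setting, assign `self.fields["password"].required = settings.REQUIRE_PASSWORD_ON_USER` in `__init__` instead. When the field is optional and left blank, whatever saves this form must store an unusable password rather than an empty string so the account cannot log in locally — the save path is outside the hunk, so please confirm. Django skips field validators for empty values, so leaving `validate_password` in the validator list is fine. The hunk does not show `settings` being imported in this module.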
Lines changed: 1 addition & 1 deletion
@@ -1 +1 @@
1-
f7e63afa0003d1992f8247f9a7a830847bd7498fa1e2d46d6ea04e3006bb9ee2
1+
aa4ec1520b0bc612431ecb7f80a53cca997fd415ff39d8b9c718fb3fc30b2fef

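--- a/dojo/settings/settings.dist.py
+++ b/dojo/settings/settings.dist.py
@@ -304,6 +304,8 @@
 DD_QUALYS_LEGACY_SEVERITY_PARSING=(bool, True),
 # Use System notification settings to override user's notification settings
 DD_NOTIFICATIONS_SYSTEM_LEVEL_TRUMP=(list, ["user_mentioned", "review_requested"]),
+# When enabled, force the password field to be required for creating/updating users
+DD_REQUIRE_PASSWORD_ON_USER=(bool, True),
 )
 
 
@@ -527,6 +529,7 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param
 
 CLASSIC_AUTH_ENABLED = True
 FORGOT_PASSWORD = env("DD_FORGOT_PASSWORD")
+REQUIRE_PASSWORD_ON_USER = env("DD_REQUIRE_PASSWORD_ON_USER")
 FORGOT_USERNAME = env("DD_FORGOT_USERNAME")
 PASSWORD_RESET_TIMEOUT = env("DD_PASSWORD_RESET_TIMEOUT")
 # Showing login form (form is not needed for external auth: OKTA, Google Auth, etc.)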
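Review bot: The comment on new line 307 says the flag governs "creating/updating users", but the sibling change in dojo/api_v2/serializers.py still rejects a password on PATCH/PUT regardless of this setting, so the comment overstates its scope. Suggested wording: `# When enabled (default), a password is required when creating a user via the UI or API. Disable only when users authenticate through an external provider (SSO/OAuth2); accounts created without a password must not be able to log in locally.` The default of True preserves current behaviour for existing deployments, which is the right choice.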

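--- a/dojo/tools/awssecurityhub/inspector.py
+++ b/dojo/tools/awssecurityhub/inspector.py
@@ -12,7 +12,10 @@ def get_item(self, finding: dict, test):
 impact = []
 references = []
 unsaved_vulnerability_ids = []
-epss_score = None
+if finding.get("EpssScore") is not None:
+epss_score = finding.get("EpssScore")
+else:
+epss_score = None
 description = f"This is an Inspector Finding\n{finding.get('Description', '')}" + "\n"
 description += f"**AWS Finding ARN:** {finding_id}\n"
 description += f"**AwsAccountId:** {finding.get('AwsAccountId', '')}\n"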
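Review bot: The four new lines 15-18 reduce to `epss_score = finding.get("EpssScore")`, because `dict.get` already yields None for a missing key and the branch otherwise assigns the same value it just tested. In the accompanying fixture `EpssScore` is the string `"0.00239"`, so if the destination field is numeric the value needs converting, e.g. `raw = finding.get("EpssScore")` followed by `epss_score = float(raw) if raw is not None else None`, with a `ValueError` guard for malformed report input since this parses untrusted scanner output. I cannot see where `epss_score` is consumed; get_item's body continues outside the hunk.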

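--- a/helm/defectdojo/Chart.yaml
+++ b/helm/defectdojo/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: "2.38.3"
+appVersion: "2.38.4"
 description: A Helm chart for Kubernetes to install DefectDojo
 name: defectdojo
-version: 1.6.151
+version: 1.6.152
 icon: https://www.defectdojo.org/img/favicon.ico
 maintainers:
 - name: madchap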
Lines changed: 113 additions & 0 deletions
@@ -0,0 +1,113 @@
1+
{
2+
"findings": [
3+
{
4+
"EpssScore": "0.00239",
5+
"SchemaVersion": "2018-10-08",
6+
"Id": "arn:aws:inspector2:us-east-1:1234567:finding/12344bc",
7+
"ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
8+
"ProductName": "Inspector",
9+
"CompanyName": "Amazon",
10+
"Region": "us-east-1",
11+
"GeneratorId": "AWSInspector",
12+
"AwsAccountId": "1234567",
13+
"Types": [
14+
"Software and Configuration Checks/Vulnerabilities/CVE"
15+
],
16+
"FirstObservedAt": "2024-07-30T12:17:32.646Z",
17+
"LastObservedAt": "2024-09-18T05:16:44.106Z",
18+
"CreatedAt": "2024-07-30T12:17:32.646Z",
19+
"UpdatedAt": "2024-09-18T05:16:44.106Z",
20+
"Severity": {
21+
"Label": "MEDIUM",
22+
"Normalized": 50
23+
},
24+
"Title": "CVE-2024-123 - fdd",
25+
"Description": "A vulnerability was found in sdd.",
26+
"Remediation": {
27+
"Recommendation": {
28+
"Text": "None Provided"
29+
}
30+
},
31+
"ProductFields": {
32+
"aws/inspector/FindingStatus": "ACTIVE",
33+
"aws/inspector/inspectorScore": "5.1",
34+
"aws/inspector/resources/1/resourceDetails/awsEc2InstanceDetails/platform": "AMAZON_LINUX_2023",
35+
"aws/inspector/ProductVersion": "1",
36+
"aws/inspector/instanceId": "i-1234xxyy",
37+
"aws/securityhub/FindingId": "arn:aws:inspector2:us-east-1:1234567:finding/addfss",
38+
"aws/securityhub/ProductName": "Inspector",
39+
"aws/securityhub/CompanyName": "Amazon"
40+
},
41+
"Resources": [
42+
{
43+
"Type": "AwsEc2Instance",
44+
"Id": "i-1234xxyy",
45+
"Partition": "aws",
46+
"Region": "us-east-1",
47+
"Tags": {
48+
"Name": "Name:xx-123-yy"
49+
},
50+
"Details": {
51+
"AwsEc2Instance": {
52+
"Type": "tt",
53+
"ImageId": "ami-1234",
54+
"IpV4Addresses": [
55+
"0.0.0.0"
56+
],
57+
"IamInstanceProfileArn": "arn:aws:iam::1234567:instance-profile/something",
58+
"VpcId": "vpc-1234",
59+
"SubnetId": "subnet-xxxxxxx",
60+
"LaunchedAt": "2024-09-18T05:16:44.106Z"
61+
}
62+
}
63+
}
64+
],
65+
"WorkflowState": "NEW",
66+
"Workflow": {
67+
"Status": "NEW"
68+
},
69+
"RecordState": "ACTIVE",
70+
"Vulnerabilities": [
71+
{
72+
"Id": "CVE-2024-1234",
73+
"VulnerablePackages": [
74+
{
75+
"Name": "aa",
76+
"Version": "1.2.0",
77+
"Architecture": "X86_64]",
78+
"PackageManager": "OS",
79+
"FixedInVersion": "abc[2.0]"
80+
}
81+
],
82+
"Cvss": [
83+
{
84+
"Version": "3.1",
85+
"BaseScore": "7.5",
86+
"BaseVector": "CVSS:9.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
87+
"Source": "NVD"
88+
}
89+
],
90+
"Vendor": {
91+
"Name": "AMAZON_CVE",
92+
"Url": "https://alas.aws.amazon.com/cve/json/v1/CVE-2024-1234.json",
93+
"VendorSeverity": "Medium",
94+
"VendorCreatedAt": "2024-01-16T00:00:00Z",
95+
"VendorUpdatedAt": "2024-09-18T05:16:44.106Z"
96+
},
97+
"ReferenceUrls": [
98+
"https://alas.aws.amazon.com"
99+
],
100+
"FixAvailable": "YES"
101+
}
102+
],
103+
"FindingProviderFields": {
104+
"Severity": {
105+
"Label": "MEDIUM"
106+
},
107+
"Types": [
108+
"Software and Configuration Checks/Vulnerabilities/CVE"
109+
]
110+
}
111+
}
112+
]
113+
}
