Merge pull request #13276 from DefectDojo/master-into-dev/2.50.4-2.51.0-dev

Release: Merge back 2.50.4 into dev from: master-into-dev/2.50.4-2.51.0-dev

Author: rossops

.github/workflows/k8s-tests.yml

@@ -27,7 +27,7 @@ jobs:
           # are tested (https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#available-versions)
           - databases: pgsql
             brokers: redis
-            k8s: 'v1.34.1'
+            k8s: 'v1.34.0'
             os: debian
     steps:
       - name: Checkout

docs/content/en/changelog/changelog.md

@@ -10,6 +10,10 @@ For Open Source release notes, please see the [Releases page on GitHub](https://
 
 ## Sept 2025: v2.50
 
+### Sept 15, 2025: v2.50.3
+
+* **(Pro UI)** Added support for [CVSSv4.0](https://www.first.org/cvss/v4-0/) vector strings.
+
 ### Sept 15, 2025: v2.50.2
 
 * **(Pro UI)** Added Any/All status filtering.  Filtering by status allows you to apply either AND (inner join) logic, or OR (outer join) logic to the filter.

dojo/forms.py

@@ -343,10 +343,6 @@ class ProductForm(forms.ModelForm):
     product_manager = forms.ModelChoiceField(queryset=Dojo_User.objects.exclude(is_active=False).order_by("first_name", "last_name"), required=False)
     technical_contact = forms.ModelChoiceField(queryset=Dojo_User.objects.exclude(is_active=False).order_by("first_name", "last_name"), required=False)
     team_manager = forms.ModelChoiceField(queryset=Dojo_User.objects.exclude(is_active=False).order_by("first_name", "last_name"), required=False)
-    tags = TagField(
-        required=False,
-        help_text="Add tags that help describe this product. Choose from the list or add new tags. Press Enter key to add.",
-    )
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
@@ -1018,10 +1014,6 @@ class EngForm(forms.ModelForm):
         queryset=None,
         required=True, label="Testing Lead")
     test_strategy = forms.URLField(required=False, label="Test Strategy URL")
-    tags = TagField(
-        required=False,
-        help_text="Add tags that help describe this engagement. Choose from the list or add new tags. Press Enter key to add.",
-    )
 
     def __init__(self, *args, **kwargs):
         cicd = False
@@ -1104,10 +1096,6 @@ class TestForm(forms.ModelForm):
     lead = forms.ModelChoiceField(
         queryset=None,
         required=False, label="Testing Lead")
-    tags = TagField(
-        required=False,
-        help_text="Add tags that help describe this test. Choose from the list or add new tags. Press Enter key to add.",
-    )
 
     def __init__(self, *args, **kwargs):
         obj = None
@@ -1464,10 +1452,6 @@ class FindingForm(forms.ModelForm):
         choices=EFFORT_FOR_FIXING_CHOICES,
         error_messages={
             "invalid_choice": EFFORT_FOR_FIXING_INVALID_CHOICE})
-    tags = TagField(
-        required=False,
-        help_text="Add tags that help describe this finding. Choose from the list or add new tags. Press Enter key to add.",
-    )
 
     # the only reliable way without hacking internal fields to get predicatble ordering is to make it explicit
     field_order = ("title", "group", "date", "sla_start_date", "sla_expiration_date", "cwe", "vulnerability_ids", "severity", "cvss_info", "cvssv3",
@@ -1739,11 +1723,6 @@ class Meta:
 
 
 class EditEndpointForm(forms.ModelForm):
-    tags = TagField(
-        required=False,
-        help_text="Add tags that help describe this endpoint. Choose from the list or add new tags. Press Enter key to add.",
-    )
-
     class Meta:
         model = Endpoint
         exclude = ["product", "inherited_tags"]

dojo/jira_link/helper.py

@@ -1401,14 +1401,16 @@ def update_epic(engagement, **kwargs):
             jira = get_jira_connection(jira_instance)
             j_issue = get_jira_issue(engagement)
             issue = jira.issue(j_issue.jira_id)
-
             epic_name = kwargs.get("epic_name")
             if not epic_name:
                 epic_name = engagement.name
-
+            description = epic_name
+            branch_tag = engagement.branch_tag
+            if branch_tag:
+                description += "\nBranch: " + branch_tag
             jira_issue_update_kwargs = {
                 "summary": epic_name,
-                "description": epic_name,
+                "description": description,
             }
             if (epic_priority := kwargs.get("epic_priority")) is not None:
                 jira_issue_update_kwargs["priority"] = {"name": epic_priority}
@@ -1443,12 +1445,16 @@ def add_epic(engagement, **kwargs):
         epic_issue_type_name = getattr(jira_project, "epic_issue_type_name", "Epic")
         if not epic_name:
             epic_name = engagement.name
+        description = epic_name
+        branch_tag = engagement.branch_tag
+        if branch_tag:
+            description += "\nBranch: " + branch_tag
         issue_dict = {
             "project": {
                 "key": jira_project.project_key,
             },
             "summary": epic_name,
-            "description": epic_name,
+            "description": description,
             "issuetype": {
                 "name": epic_issue_type_name,
             },

dojo/tools/api_sonarqube/api_client.py

@@ -334,6 +334,31 @@ def get_hotspot_rule(self, rule_id):
             self.rules_cache.update({rule_id: rule})
         return rule
 
+    def get_hotspot(self, rule_id):
+        """
+        Get detailed information about a hotspot
+        :param rule_id:
+        :return:
+        """
+        rule = self.rules_cache.get(rule_id)
+        if not rule:
+            response = self.session.get(
+                url=f"{self.sonar_api_url}/hotspots/search",
+                params={"hotspots": rule_id},
+                headers=self.default_headers,
+                timeout=settings.REQUESTS_TIMEOUT,
+            )
+            if not response.ok:
+                msg = (
+                    f"Unable to get the hotspot rule {rule_id} "
+                    f"due to {response.status_code} - {response.content}"
+                )
+                raise Exception(msg)
+
+            rule = response.json()["hotspots"][0]
+            self.rules_cache.update({rule_id: rule})
+        return rule
+
     def transition_issue(self, issue_key, transition):
         """
         Do workflow transition on an issue. Requires authentication and Browse permission on project.
@@ -375,6 +400,46 @@ def transition_issue(self, issue_key, transition):
             )
             raise Exception(msg)
 
+    def transition_hotspot(self, issue_key, status, resolution=None):
+        """
+        Do workflow transition on an issue. Requires authentication and Browse permission on project.
+        The transitions 'wontfix' and 'falsepositive' require the permission 'Administer Issues'.
+        The transitions involving security hotspots (except 'requestreview') require
+        the permission 'Administer Security Hotspot'.
+
+        Possible resolution values:
+        - FIXED
+        - SAFE
+        - ACKNOWLEDGED
+
+        Possible status values:
+        - TO_REVIEW
+        - REVIEWED
+
+        :param issue_key:
+        :param status:
+        :param resolution:
+        :return:
+        """
+        data = {"hotspot": issue_key, "status": status}
+
+        if resolution:
+            data["resolution"] = resolution
+
+        response = self.session.post(
+            url=f"{self.sonar_api_url}/hotspots/change_status",
+            data=data,
+            headers=self.default_headers,
+            timeout=settings.REQUESTS_TIMEOUT,
+        )
+
+        if not response.ok:
+            msg = (
+                f"Unable to change status {status} / resolution {resolution} the issue {issue_key} "
+                f'due to {response.status_code} - {response.content.decode("utf-8")}'
+            )
+            raise Exception(msg)
+
     def add_comment(self, issue_key, text):
         """
         Add a comment.