Merge pull request #10919 from DefectDojo/release/2.38.2

Release: Merge release into master from: release/2.38.2

Author: rossops

components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.38.1",
+  "version": "2.38.2",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

docs/content/en/integrations/parsers/file/invicti.md

@@ -0,0 +1,9 @@
+---
+title: "Invicti"
+toc_hide: true
+---
+Vulnerabilities List - JSON report
+
+### Sample Scan Data
+
+Sample Invicti scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/invicti).

docs/content/en/integrations/parsers/file/netsparker.md

@@ -4,5 +4,8 @@ toc_hide: true
 ---
 Vulnerabilities List - JSON report
 
+[Netsparker has now become Invicti](https://www.invicti.com/blog/news/netsparker-is-now-invicti-signaling-a-new-era-for-modern-appsec/). Please plan to migrate automation scripts to use the [Invicti Scan](../invicti.md)
+
 ### Sample Scan Data
+
 Sample Netsparker scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/netsparker).

dojo/__init__.py

@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa: F401
 
-__version__ = "2.38.1"
+__version__ = "2.38.2"
 __url__ = "https://github.com/DefectDojo/django-DefectDojo"
 __docs__ = "https://documentation.defectdojo.com"

dojo/api_v2/exception_handler.py

@@ -2,6 +2,7 @@
 
 from django.core.exceptions import ValidationError
 from django.db.models.deletion import RestrictedError
+from rest_framework.exceptions import ParseError
 from rest_framework.response import Response
 from rest_framework.status import (
     HTTP_400_BAD_REQUEST,
@@ -20,7 +21,11 @@ def custom_exception_handler(exc, context):
     # to get the standard error response.
     response = exception_handler(exc, context)
 
-    if isinstance(exc, RestrictedError):
+    if isinstance(exc, ParseError) and "JSON parse error" in str(exc):
+        response = Response()
+        response.status_code = HTTP_400_BAD_REQUEST
+        response.data = {"message": "JSON request content is malformed"}
+    elif isinstance(exc, RestrictedError):
         # An object cannot be deleted because it has dependent objects.
         response = Response()
         response.status_code = HTTP_409_CONFLICT

dojo/metrics/utils.py

@@ -500,7 +500,7 @@ def aggregate_counts_by_period(
         )
         desired_values += ("closed",)
 
-    return severities_by_period.values(*desired_values)
+    return severities_by_period.order_by("grouped_date").values(*desired_values)
 
 
 def findings_by_product(

dojo/settings/.settings.dist.py.sha256sum

@@ -1 +1 @@
-5adedc433a342d675492b86dc18786f72e167115f9718a397dc9b91c5fdc9c94
+702d74c8bc703d11c03cf5b3f7c4319ad0cdeaef68db6426d1112c59e59365a6

dojo/settings/settings.dist.py

@@ -1279,6 +1279,7 @@ def saml2_attrib_map_format(dict):
     "AppCheck Web Application Scanner": ["title", "severity"],
     "Legitify Scan": ["title", "endpoints", "severity"],
     "ThreatComposer Scan": ["title", "description"],
+    "Invicti Scan": ["title", "description", "severity"],
 }
 
 # Override the hardcoded settings here via the env var
@@ -1495,14 +1496,15 @@ def saml2_attrib_map_format(dict):
     "OSV Scan": DEDUPE_ALGO_HASH_CODE,
     "Nosey Parker Scan": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE,
     "Bearer CLI": DEDUPE_ALGO_HASH_CODE,
-    "Wiz Scan": DEDUPE_ALGO_HASH_CODE,
+    "Wiz Scan": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE,
     "Deepfence Threatmapper Report": DEDUPE_ALGO_HASH_CODE,
     "Kubescape JSON Importer": DEDUPE_ALGO_HASH_CODE,
     "Kiuwan SCA Scan": DEDUPE_ALGO_HASH_CODE,
     "Rapplex Scan": DEDUPE_ALGO_HASH_CODE,
     "AppCheck Web Application Scanner": DEDUPE_ALGO_HASH_CODE,
     "Legitify Scan": DEDUPE_ALGO_HASH_CODE,
     "ThreatComposer Scan": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE,
+    "Invicti Scan": DEDUPE_ALGO_HASH_CODE,
 }
 
 # Override the hardcoded settings here via the env var

dojo/templates/dojo/product.html

@@ -122,18 +122,20 @@ <h3 class="has-filters">
                                               <i class="fa-solid fa-pen-to-square"></i> Edit Custom Fields
                                             </a>
                                           </li>
-                                          <li role="separator" class="divider"></li>
-                                          <li role="presentation">
-                                              <a class="" href="{% url 'add_api_scan_configuration' prod.id %}">
-                                                  <i class="fa-solid fa-rectangle-list"></i> Add Scan API Configuration
-                                              </a>
-                                          </li>
+                                        {% endif %}
+                                        <li role="separator" class="divider"></li>
+                                        {% if prod|has_object_permission:"Product_API_Scan_Configuration_Edit" %}  
                                           <li role="presentation">
-                                              <a title="View API Scan configurations" href="{% url 'view_api_scan_configurations' prod.id %}">
-                                                <i class="fa-solid fa-clock-rotate-left"></i> View Scan API Configurations
-                                              </a>
+                                            <a class="" href="{% url 'add_api_scan_configuration' prod.id %}">
+                                              <i class="fa-solid fa-rectangle-list"></i> Add Scan API Configuration
+                                            </a>
                                           </li>
                                         {% endif %}
+                                        <li role="presentation">
+                                            <a title="View API Scan configurations" href="{% url 'view_api_scan_configurations' prod.id %}">
+                                              <i class="fa-solid fa-clock-rotate-left"></i> View Scan API Configurations
+                                            </a>
+                                        </li>
                                         {% if system_settings.enable_product_tracking_files %}
                                           <li role="separator" class="divider"></li>
                                           {% if prod|has_object_permission:"Product_Tracking_Files_Add" %}

dojo/templates/dojo/view_product_details.html

@@ -41,19 +41,21 @@ <h3 class="pull-left">{% trans "Description" %}</h3>
                         <i class="fa-solid fa-pen-to-square"></i>{% trans "Edit Custom Fields" %}
                     </a>
                   </li>
-                  <li role="separator" class="divider"></li>
-                  <li role="presentation">
-                      <a class="" href="{% url 'add_api_scan_configuration' prod.id %}">
-                          <i class="fa-solid fa-plus"></i>{% trans "Add API Scan Configuration" %}
-                      </a>
-                  </li>
+                {% endif %}
+                <li role="separator" class="divider"></li>
+                {% if prod|has_object_permission:"Product_API_Scan_Configuration_Add" %}
                   <li role="presentation">
-                      <a title="View API Scan Configurations"
-                         href="{% url 'view_api_scan_configurations' prod.id %}">
-                          <i class="fa-solid fa-rectangle-list"></i>{% trans "View API Scan Configurations" %}
-                      </a>
+                    <a class="" href="{% url 'add_api_scan_configuration' prod.id %}">
+                      <i class="fa-solid fa-plus"></i>{% trans "Add API Scan Configuration" %}
+                    </a>
                   </li>
                 {% endif %}
+                <li role="presentation">
+                    <a title="View API Scan Configurations"
+                        href="{% url 'view_api_scan_configurations' prod.id %}">
+                        <i class="fa-solid fa-rectangle-list"></i>{% trans "View API Scan Configurations" %}
+                    </a>
+                </li>
                 {% if system_settings.enable_product_tracking_files %}
                   <li role="separator" class="divider"></li>
                   {% if prod|has_object_permission:"Product_Tracking_Files_Add" %}