Merge pull request DefectDojo#9954 from DefectDojo/release/2.33.4

Release: Merge release into master from: release/2.33.4

Author: Maffooch

.github/workflows/detect-merge-conflicts.yaml

@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: check if prs are conflicted
-        uses: eps1lon/actions-label-merge-conflict@releases/2.x
+        uses: eps1lon/actions-label-merge-conflict@v3
         with:
           dirtyLabel: "conflicts-detected"
           repoToken: "${{ secrets.GITHUB_TOKEN }}"

components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.33.3",
+  "version": "2.33.4",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

docker/entrypoint.sh

@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa: F401
 
-__version__ = '2.33.3'
+__version__ = '2.33.4'
 __url__ = 'https://github.com/DefectDojo/django-DefectDojo'
 __docs__ = 'https://documentation.defectdojo.com'

dojo/__init__.py

@@ -1795,6 +1795,13 @@ def validate(self, data):
 
         return data
 
+    def validate_severity(self, value: str) -> str:
+        if value not in SEVERITIES:
+            raise serializers.ValidationError(
+                f"Severity must be one of the following: {SEVERITIES}"
+            )
+        return value
+
     def build_relational_field(self, field_name, relation_info):
         if field_name == "notes":
             return NoteSerializer, {"many": True, "read_only": True}
@@ -1922,6 +1929,13 @@ def validate(self, data):
 
         return data
 
+    def validate_severity(self, value: str) -> str:
+        if value not in SEVERITIES:
+            raise serializers.ValidationError(
+                f"Severity must be one of the following: {SEVERITIES}"
+            )
+        return value
+
 
 class VulnerabilityIdTemplateSerializer(serializers.ModelSerializer):
     class Meta:
@@ -1998,6 +2012,13 @@ class Meta:
         model = Stub_Finding
         fields = "__all__"
 
+    def validate_severity(self, value: str) -> str:
+        if value not in SEVERITIES:
+            raise serializers.ValidationError(
+                f"Severity must be one of the following: {SEVERITIES}"
+            )
+        return value
+
 
 class StubFindingCreateSerializer(serializers.ModelSerializer):
     test = serializers.PrimaryKeyRelatedField(queryset=Test.objects.all())
@@ -2009,6 +2030,13 @@ class Meta:
             "reporter": {"default": serializers.CurrentUserDefault()},
         }
 
+    def validate_severity(self, value: str) -> str:
+        if value not in SEVERITIES:
+            raise serializers.ValidationError(
+                f"Severity must be one of the following: {SEVERITIES}"
+            )
+        return value
+
 
 class ProductSerializer(TaggitSerializer, serializers.ModelSerializer):
     findings_count = serializers.SerializerMethodField()

dojo/api_v2/serializers.py

@@ -0,0 +1,18 @@
+# Generated by Django 4.1.13 on 2024-04-17 17:59
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dojo', '0208_merge_acunetix'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='finding',
+            name='severity',
+            field=models.CharField(help_text='The severity level of this flaw (Critical, High, Medium, Low, Info).', max_length=200, verbose_name='Severity'),
+        ),
+    ]

dojo/db_migrations/0209_alter_finding_severity.py

@@ -10190,7 +10190,7 @@
         "cvssv3": null,
         "cvssv3_score": null,
         "url": null,
-        "severity": "HIGH",
+        "severity": "High",
         "description": "test finding",
         "mitigation": "test mitigation",
         "impact": "HIGH",
@@ -10259,7 +10259,7 @@
         "cvssv3": null,
         "cvssv3_score": null,
         "url": null,
-        "severity": "HIGH",
+        "severity": "High",
         "description": "test finding",
         "mitigation": "test mitigation",
         "impact": "HIGH",
@@ -10328,7 +10328,7 @@
         "cvssv3": null,
         "cvssv3_score": null,
         "url": null,
-        "severity": "HIGH",
+        "severity": "High",
         "description": "test finding",
         "mitigation": "test mitigation",
         "impact": "HIGH",
@@ -10397,7 +10397,7 @@
         "cvssv3": null,
         "cvssv3_score": null,
         "url": null,
-        "severity": "HIGH",
+        "severity": "High",
         "description": "test finding",
         "mitigation": "test mitigation",
         "impact": "HIGH",
@@ -10466,7 +10466,7 @@
         "cvssv3": null,
         "cvssv3_score": null,
         "url": null,
-        "severity": "HIGH",
+        "severity": "High",
         "description": "test finding",
         "mitigation": "test mitigation",
         "impact": "HIGH",
@@ -10535,7 +10535,7 @@
         "cvssv3": null,
         "cvssv3_score": null,
         "url": "http://www.example.com",
-        "severity": "HIGH",
+        "severity": "High",
         "description": "TEST finding",
         "mitigation": "MITIGATION",
         "impact": "HIGH",
@@ -34058,7 +34058,7 @@
     "fields": {
         "title": "test stub finding 1",
         "date": "2017-12-20",
-        "severity": "HIGH",
+        "severity": "High",
         "description": "test stub finding",
         "test": 3,
         "reporter": 1
@@ -34070,7 +34070,7 @@
     "fields": {
         "title": "test stub finding 2",
         "date": "2017-12-20",
-        "severity": "HIGH",
+        "severity": "High",
         "description": "test stub finding",
         "test": 14,
         "reporter": 1
@@ -34082,7 +34082,7 @@
     "fields": {
         "title": "test stub finding 3",
         "date": "2017-12-20",
-        "severity": "HIGH",
+        "severity": "High",
         "description": "test stub finding",
         "test": 13,
         "reporter": 1
@@ -34096,7 +34096,7 @@
         "cwe": null,
         "cve": null,
         "cvssv3": null,
-        "severity": "HIGH",
+        "severity": "High",
         "description": "XSS test template",
         "mitigation": "",
         "impact": "",
@@ -34116,7 +34116,7 @@
         "cwe": null,
         "cve": null,
         "cvssv3": null,
-        "severity": "HIGH",
+        "severity": "High",
         "description": "SQLi test template",
         "mitigation": "",
         "impact": "",

dojo/fixtures/defect_dojo_sample_data.json

@@ -314,15 +314,20 @@ def get_in_period_details(findings):
         elif obj.age > 90:
             age_detail[3] += 1
 
-        in_period_counts[obj.severity] += 1
-        in_period_counts['Total'] += 1
-
-        if obj.test.engagement.product.name not in in_period_details:
-            in_period_details[obj.test.engagement.product.name] = {
-                'path': reverse('product_open_findings', args=(obj.test.engagement.product.id,)),
-                'Critical': 0, 'High': 0, 'Medium': 0, 'Low': 0, 'Info': 0, 'Total': 0}
-        in_period_details[obj.test.engagement.product.name][obj.severity] += 1
-        in_period_details[obj.test.engagement.product.name]['Total'] += 1
+        # This condition should be true in nearly all cases,
+        # but there are some far edge cases
+        if obj.severity in in_period_counts:
+            in_period_counts[obj.severity] += 1
+            in_period_counts['Total'] += 1
+        # This condition should be true in nearly all cases,
+        # but there are some far edge cases
+        if obj.severity in in_period_details:
+            if obj.test.engagement.product.name not in in_period_details:
+                in_period_details[obj.test.engagement.product.name] = {
+                    'path': reverse('product_open_findings', args=(obj.test.engagement.product.id,)),
+                    'Critical': 0, 'High': 0, 'Medium': 0, 'Low': 0, 'Info': 0, 'Total': 0}
+            in_period_details[obj.test.engagement.product.name][obj.severity] += 1
+            in_period_details[obj.test.engagement.product.name]['Total'] += 1
 
     return in_period_counts, in_period_details, age_detail
 

dojo/metrics/views.py

@@ -2248,7 +2248,7 @@ class Finding(models.Model):
                            help_text=_("External reference that provides more information about this flaw."))  # not displayed and pretty much the same as references. To remove?
     severity = models.CharField(max_length=200,
                                 verbose_name=_('Severity'),
-                                help_text=_('The severity level of this flaw (Critical, High, Medium, Low, Informational).'))
+                                help_text=_('The severity level of this flaw (Critical, High, Medium, Low, Info).'))
     description = models.TextField(verbose_name=_('Description'),
                                 help_text=_("Longer more descriptive information about the flaw."))
     mitigation = models.TextField(verbose_name=_('Mitigation'),

dojo/models.py

@@ -817,7 +817,6 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param
     'polymorphic',  # provides admin templates
     'django.contrib.admin',
     'django.contrib.humanize',
-    'gunicorn',
     'auditlog',
     'dojo',
     'watson',