Merge pull request DefectDojo#11460 from DefectDojo/release/2.41.3

Release: Merge release into master from: release/2.41.3
hblankenship · Dec 23, 2024 · 8facda6 · 8facda6
2 parents f1d6d02 + bc6b530
commit 8facda6
Show file tree

Hide file tree

Showing 12 changed files with 959 additions and 562 deletions.
diff --git a/components/package.json b/components/package.json
@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.41.2",
+  "version": "2.41.3",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

diff --git a/docs/content/en/open_source/archived_docs/integrations/social-authentication.md b/docs/content/en/open_source/archived_docs/integrations/social-authentication.md
@@ -213,7 +213,7 @@ This will ensure the user is added to all the groups found in the Azure AD Token
 
 The Azure AD token returned by Azure will also need to be configured to include group IDs. Without this step, the
 token will not contain any notion of a group, and the mapping process will report that the current user is not a member of any 
-groups. To update the the format of the token, add a group claim that applies to whatever group type you are using.
+groups. To update the format of the token, add a group claim that applies to whatever group type you are using.
 If unsure of what type that is, select `All Groups`. Do not activate `Emit groups as role claims` within the Azure AD 
 "Token configuration" page.
 

diff --git a/dojo/__init__.py b/dojo/__init__.py
@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa: F401
 
-__version__ = "2.41.2"
+__version__ = "2.41.3"
 __url__ = "https://github.com/DefectDojo/django-DefectDojo"
 __docs__ = "https://documentation.defectdojo.com"
diff --git a/dojo/engagement/views.py b/dojo/engagement/views.py
@@ -28,7 +28,6 @@
 from openpyxl.styles import Font
 
 import dojo.jira_link.helper as jira_helper
-import dojo.notifications.helper as notifications_helper
 import dojo.risk_acceptance.helper as ra_helper
 from dojo.authorization.authorization import user_has_permission_or_403
 from dojo.authorization.authorization_decorators import user_is_authorized
@@ -653,7 +652,15 @@ def add_tests(request, eid):
                 "Test added successfully.",
                 extra_tags="alert-success")
 
-            notifications_helper.notify_test_created(new_test)
+            create_notification(
+                event="test_added",
+                title=f"Test created for {new_test.engagement.product}: {new_test.engagement.name}: {new_test}",
+                test=new_test,
+                engagement=new_test.engagement,
+                product=new_test.engagement.product,
+                url=reverse("view_test", args=(new_test.id,)),
+                url_api=reverse("test-detail", args=(new_test.id,)),
+            )
 
             if "_Add Another Test" in request.POST:
                 return HttpResponseRedirect(

diff --git a/dojo/importers/base_importer.py b/dojo/importers/base_importer.py
@@ -5,6 +5,7 @@
 from django.core.exceptions import ValidationError
 from django.core.files.base import ContentFile
 from django.core.files.uploadedfile import TemporaryUploadedFile
+from django.urls import reverse
 from django.utils.timezone import make_aware
 
 import dojo.finding.helper as finding_helper
@@ -28,6 +29,7 @@
     Test_Type,
     Vulnerability_Id,
 )
+from dojo.notifications.helper import create_notification
 from dojo.tools.factory import get_parser
 from dojo.utils import max_safe
 
@@ -719,3 +721,38 @@ def mitigate_finding(
             finding.save(dedupe_option=False)
         else:
             finding.save(dedupe_option=False, push_to_jira=self.push_to_jira)
+
+    def notify_scan_added(
+        self,
+        test,
+        updated_count,
+        new_findings=[],
+        findings_mitigated=[],
+        findings_reactivated=[],
+        findings_untouched=[],
+    ):
+        logger.debug("Scan added notifications")
+
+        new_findings = sorted(new_findings, key=lambda x: x.numerical_severity)
+        findings_mitigated = sorted(findings_mitigated, key=lambda x: x.numerical_severity)
+        findings_reactivated = sorted(findings_reactivated, key=lambda x: x.numerical_severity)
+        findings_untouched = sorted(findings_untouched, key=lambda x: x.numerical_severity)
+
+        title = (
+            f"Created/Updated {updated_count} findings for {test.engagement.product}: {test.engagement.name}: {test}"
+        )
+
+        create_notification(
+            event="scan_added_empty" if updated_count == 0 else "scan_added",
+            title=title,
+            findings_new=new_findings,
+            findings_mitigated=findings_mitigated,
+            findings_reactivated=findings_reactivated,
+            finding_count=updated_count,
+            test=test,
+            engagement=test.engagement,
+            product=test.engagement.product,
+            findings_untouched=findings_untouched,
+            url=reverse("view_test", args=(test.id,)),
+            url_api=reverse("test-detail", args=(test.id,)),
+        )
diff --git a/dojo/importers/default_importer.py b/dojo/importers/default_importer.py
@@ -3,10 +3,10 @@
 from django.core.files.uploadedfile import TemporaryUploadedFile
 from django.core.serializers import deserialize, serialize
 from django.db.models.query_utils import Q
+from django.urls import reverse
 
 import dojo.finding.helper as finding_helper
 import dojo.jira_link.helper as jira_helper
-import dojo.notifications.helper as notifications_helper
 from dojo.importers.base_importer import BaseImporter, Parser
 from dojo.importers.options import ImporterOptions
 from dojo.models import (
@@ -15,6 +15,7 @@
     Test,
     Test_Import,
 )
+from dojo.notifications.helper import create_notification
 
 logger = logging.getLogger(__name__)
 deduplicationLogger = logging.getLogger("dojo.specific-loggers.deduplication")
@@ -126,9 +127,17 @@ def process_scan(
         )
         # Send out some notifications to the user
         logger.debug("IMPORT_SCAN: Generating notifications")
-        notifications_helper.notify_test_created(self.test)
+        create_notification(
+            event="test_added",
+            title=f"Test created for {self.test.engagement.product}: {self.test.engagement.name}: {self.test}",
+            test=self.test,
+            engagement=self.test.engagement,
+            product=self.test.engagement.product,
+            url=reverse("view_test", args=(self.test.id,)),
+            url_api=reverse("test-detail", args=(self.test.id,)),
+        )
         updated_count = len(new_findings) + len(closed_findings)
-        notifications_helper.notify_scan_added(
+        self.notify_scan_added(
             self.test,
             updated_count,
             new_findings=new_findings,

diff --git a/dojo/importers/default_reimporter.py b/dojo/importers/default_reimporter.py
@@ -6,7 +6,6 @@
 
 import dojo.finding.helper as finding_helper
 import dojo.jira_link.helper as jira_helper
-import dojo.notifications.helper as notifications_helper
 from dojo.importers.base_importer import BaseImporter, Parser
 from dojo.importers.options import ImporterOptions
 from dojo.models import (
@@ -128,7 +127,7 @@ def process_scan(
         updated_count = (
             len(closed_findings) + len(reactivated_findings) + len(new_findings)
         )
-        notifications_helper.notify_scan_added(
+        self.notify_scan_added(
             self.test,
             updated_count,
             new_findings=new_findings,