diff --git a/components/package.json b/components/package.json index 5135d814f7..1b0d3b3ced 100644 --- a/components/package.json +++ b/components/package.json @@ -1,6 +1,6 @@ { "name": "defectdojo", - "version": "2.34.0", + "version": "2.34.1", "license" : "BSD-3-Clause", "private": true, "dependencies": { diff --git a/dojo/__init__.py b/dojo/__init__.py index 0ea36d94b7..f5f6e590d5 100644 --- a/dojo/__init__.py +++ b/dojo/__init__.py @@ -4,6 +4,6 @@ # Django starts so that shared_task will use this app. from .celery import app as celery_app # noqa: F401 -__version__ = '2.34.0' +__version__ = '2.34.1' __url__ = 'https://github.com/DefectDojo/django-DefectDojo' __docs__ = 'https://documentation.defectdojo.com' diff --git a/dojo/reports/views.py b/dojo/reports/views.py index cb7a599f11..99d5480b77 100644 --- a/dojo/reports/views.py +++ b/dojo/reports/views.py @@ -119,12 +119,13 @@ def post(self, request: HttpRequest) -> HttpResponse: def _set_state(self, request: HttpRequest): self.request = request + self.host = report_url_resolver(request) self.selected_widgets = self.get_selected_widgets(request) self.widgets = list(self.selected_widgets.values()) def get_selected_widgets(self, request): - selected_widgets = report_widget_factory(json_data=request.POST['json'], request=request, finding_notes=False, - finding_images=False) + selected_widgets = report_widget_factory(json_data=request.POST['json'], request=request, host=self.host, + user=self.request.user, finding_notes=False, finding_images=False) if options := selected_widgets.get('report-options', None): self.report_format = options.report_type 
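Review bot: `self.host = report_url_resolver(request)` in `_set_state` derives the report's base URL from the incoming request, and this commit then passes it into every widget's template context. `report_url_resolver` is not shown here, so if it builds the value from client-supplied headers (Host or forwarding headers), URLs in a generated report could point at an origin chosen by the requester. It is worth confirming that the resolver only returns a host validated against `ALLOWED_HOSTS` (for example via `request.get_host()`) or a configured site URL. A comment on the assignment would record that: `# host is passed to report templates; must be a validated origin, not a raw request header`. `get_selected_widgets` continues past the end of this hunk.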
@@ -135,8 +136,9 @@ def get_selected_widgets(self, request): self.finding_notes = True self.finding_images = True - return report_widget_factory(json_data=request.POST['json'], request=request, finding_notes=self.finding_notes, - finding_images=self.finding_images) + return report_widget_factory(json_data=request.POST['json'], request=request, host=self.host, + user=request.user, finding_notes=self.finding_notes, + finding_images=self.finding_images) def get_form(self, request): return CustomReportJsonForm(request.POST) @@ -152,8 +154,10 @@ def get_template(self): def get_context(self): return { "widgets": self.widgets, + "host": self.host, "finding_notes": self.finding_notes, - "finding_images": self.finding_images, } + "finding_images": self.finding_images, + "user_id": self.request.user.id, } def report_findings(request): diff --git a/dojo/reports/widgets.py b/dojo/reports/widgets.py index 8eef453bb8..665b7758b4 100644 --- a/dojo/reports/widgets.py +++ b/dojo/reports/widgets.py @@ -247,6 +247,11 @@ class FindingList(Widget): def __init__(self, *args, **kwargs): if 'request' in kwargs: self.request = kwargs.get('request') + if 'user_id' in kwargs: + self.user_id = kwargs.get('user_id') + + if 'host' in kwargs: + self.host = kwargs.get('host') if 'findings' in kwargs: self.findings = kwargs.get('findings') @@ -285,8 +290,10 @@ def __init__(self, *args, **kwargs): def get_asciidoc(self): asciidoc = render_to_string("dojo/custom_asciidoc_report_findings.html", {"findings": self.findings.qs, + "host": self.host, "include_finding_notes": self.finding_notes, - "include_finding_images": self.finding_images, }) + "include_finding_images": self.finding_images, + "user_id": self.user_id}) return mark_safe(asciidoc) def get_html(self): 
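Review bot: The two `report_widget_factory` calls in `get_selected_widgets` pass the same user in different ways: the first (previous hunk) uses `user=self.request.user`, this one uses `user=request.user`, and both read `self.host`. The method takes `request` as a parameter but only works after `_set_state` has assigned `self.request` and `self.host`. Using `user=request.user` in both calls and adding `# relies on self.host being set by _set_state` above the first call would make that ordering dependency visible. The method starts before this hunk.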
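Review bot: `FindingList.__init__` assigns `self.user_id` and `self.host` only when the keyword is present, but `get_asciidoc` (next hunk) and `get_html` read both unconditionally. A widget built without them would raise `AttributeError` at render time unless the `Widget` base class, which is not shown, defines defaults. Assigning unconditionally with `self.user_id = kwargs.get('user_id')` and `self.host = kwargs.get('host')` avoids that and leaves a missing value as an explicit `None`. The same applies to `EndpointList.__init__` in the `@@ -314,6 +323,11 @@` hunk. `__init__` continues beyond this hunk.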
@@ -294,7 +301,9 @@ def get_html(self): {"title": self.title, "findings": self.findings.qs, "include_finding_notes": self.finding_notes, - "include_finding_images": self.finding_images, }) + "include_finding_images": self.finding_images, + "host": self.host, + "user_id": self.user_id}) return mark_safe(html) def get_option_form(self): @@ -314,6 +323,11 @@ class EndpointList(Widget): def __init__(self, *args, **kwargs): if 'request' in kwargs: self.request = kwargs.get('request') + if 'user_id' in kwargs: + self.user_id = kwargs.get('user_id') + + if 'host' in kwargs: + self.host = kwargs.get('host') if 'endpoints' in kwargs: self.endpoints = kwargs.get('endpoints') @@ -349,14 +363,18 @@ def get_html(self): {"title": self.title, "endpoints": self.endpoints.qs, "include_finding_notes": self.finding_notes, - "include_finding_images": self.finding_images, }) + "include_finding_images": self.finding_images, + "host": self.host, + "user_id": self.user_id}) return mark_safe(html) def get_asciidoc(self): asciidoc = render_to_string("dojo/custom_asciidoc_report_endpoints.html", {"endpoints": self.endpoints.qs, + "host": self.host, "include_finding_notes": self.finding_notes, - "include_finding_images": self.finding_images, }) + "include_finding_images": self.finding_images, + "user_id": self.user_id}) return mark_safe(asciidoc) def get_option_form(self): @@ -370,7 +388,8 @@ def get_option_form(self): return mark_safe(html) -def report_widget_factory(json_data=None, request=None, finding_notes=False, finding_images=False): +def report_widget_factory(json_data=None, request=None, user=None, finding_notes=False, finding_images=False, + host=None): selected_widgets = OrderedDict() widgets = json.loads(json_data) for idx, widget in enumerate(widgets): 
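Review bot: In the `report_widget_factory` signature the new `user=None` parameter is inserted before `finding_notes`, which shifts the positional slots of `finding_notes` and `finding_images`. A caller passing those positionally would now bind a bool to `user` and fail later at `user.id`. The calls visible in this commit use keywords, but other callers are not shown. Appending the new parameters as keyword-only keeps the old positional contract: `def report_widget_factory(json_data=None, request=None, finding_notes=False, finding_images=False, *, host=None, user=None):`. The function body continues outside this hunk.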
@@ -394,8 +413,9 @@ def report_widget_factory(json_data=None, request=None, finding_notes=False, fin filter_string_matching = get_system_setting("filter_string_matching", False) filter_class = EndpointFilterWithoutObjectLookups if filter_string_matching else EndpointFilter endpoints = filter_class(d, queryset=endpoints, user=request.user) + user_id = user.id if user is not None else None endpoints = EndpointList(request=request, endpoints=endpoints, finding_notes=finding_notes, - finding_images=finding_images) + finding_images=finding_images, host=host, user_id=user_id) selected_widgets[list(widget.keys())[0] + '-' + str(idx)] = endpoints @@ -409,9 +429,11 @@ def report_widget_factory(json_data=None, request=None, finding_notes=False, fin d[item['name']] = item['value'] findings = ReportFindingFilter(d, queryset=findings) + user_id = user.id if user is not None else None selected_widgets[list(widget.keys())[0] + '-' + str(idx)] = FindingList(request=request, findings=findings, finding_notes=finding_notes, - finding_images=finding_images) + finding_images=finding_images, + host=host, user_id=user_id) if list(widget.keys())[0] == 'wysiwyg-content': wysiwyg_content = WYSIWYGContent(request=request) diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index 0dc02c38db..3a7eff0884 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "2.34.0" +appVersion: "2.34.1" description: A Helm chart for Kubernetes to install DefectDojo name: defectdojo -version: 1.6.126 +version: 1.6.127 icon: https://www.defectdojo.org/img/favicon.ico maintainers: - name: madchap
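Review bot: In the endpoint branch the filter is still scoped with `user=request.user`, while `user_id` comes from the separate `user` argument, so the two can disagree. When `user` is omitted, `user_id` silently becomes `None`. The templates that consume `user_id` are not shown; if the value gates what a report renders, a missing user should be handled explicitly rather than passed through. Resolving it once near the top of the factory, e.g. `user = user if user is not None else getattr(request, 'user', None)` followed by a single `user_id = getattr(user, 'id', None)`, would also remove the duplicated line in the findings branch (`@@ -409,9 +429,11 @@`). The factory body starts before this hunk.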