Merge pull request #9615 from DefectDojo/release/2.31.3

Release: Merge release into master from: release/2.31.3

components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.31.2",
+  "version": "2.31.3",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

dojo/__init__.py

@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa
 
-__version__ = '2.31.2'
+__version__ = '2.31.3'
 __url__ = 'https://github.com/DefectDojo/django-DefectDojo'
 __docs__ = 'https://documentation.defectdojo.com'

dojo/db_migrations/0187_nessus_to_tenable.py

@@ -34,7 +34,7 @@ def migrate_nessus_findings_to_tenable(apps, schema_editor):
     finding_model = apps.get_model('dojo', 'Finding')
     test_type_model = apps.get_model('dojo', 'Test_Type')
     # Get or create Tenable Test Type and fetch the nessus and nessus WAS test types
-    tenable_test_type, _ = test_type_model.objects.get_or_create(name="Tenable Scan", active=True)
+    tenable_test_type, _ = test_type_model.objects.get_or_create(name="Tenable Scan", defaults={"active": True})
     nessus_test_type = test_type_model.objects.filter(name="Nessus Scan").first()
     nessus_was_test_type = test_type_model.objects.filter(name="Nessus WAS Scan").first()
     # Get all the findings found by Nessus and Nessus WAS

dojo/db_migrations/0197_parser_merge.py

@@ -54,7 +54,7 @@ def migrate_openvas_parsers(apps, schema_editor):
     finding_model = apps.get_model('dojo', 'Finding')
     test_type_model = apps.get_model('dojo', 'Test_Type')
     # Get or create OpenVAS Test Type and fetch the OpenVAS XML and OpenVAS CSV test types
-    openvas_test_type, _ = test_type_model.objects.get_or_create(name="OpenVAS Parser", active=True)
+    openvas_test_type, _ = test_type_model.objects.get_or_create(name="OpenVAS Parser", defaults={"active": True})
     openvascsv_test_type = test_type_model.objects.filter(name="OpenVAS CSV").first()
     openvasxml_test_type = test_type_model.objects.filter(name="OpenVAS XML").first()
     # Get all the findings found by Nessus and Nessus WAS
@@ -73,7 +73,7 @@ def migrate_clairklar_parsers(apps, schema_editor):
     finding_model = apps.get_model('dojo', 'Finding')
     test_type_model = apps.get_model('dojo', 'Test_Type')
     # Get or create Clair Scan Test Type and fetch the Clair Klar Scan test types
-    clair_test_type, _ = test_type_model.objects.get_or_create(name="Clair Scan", active=True)
+    clair_test_type, _ = test_type_model.objects.get_or_create(name="Clair Scan", defaults={"active": True})
     clairklar_test_type = test_type_model.objects.filter(name="Clair Klar Scan").first()
     # Get all the findings found by Clair Klar Scan
     findings = finding_model.objects.filter(test__scan_type__in=CLAIRKLAR_REFERENCES)

dojo/db_migrations/0199_whitesource_to_mend.py

@@ -34,7 +34,7 @@ def migrate_whitesource_findings_to_mend(apps, schema_editor):
     finding_model = apps.get_model('dojo', 'Finding')
     test_type_model = apps.get_model('dojo', 'Test_Type')
     # Get or create Mend Test Type and fetch the whitesource test types
-    mend_test_type, _ = test_type_model.objects.get_or_create(name="Mend Scan", active=True)
+    mend_test_type, _ = test_type_model.objects.get_or_create(name="Mend Scan", defaults={"active": True})
     whitesource_test_type = test_type_model.objects.filter(name="Whitesource Scan").first()
     # Get all the findings found by whitesource
     findings = finding_model.objects.filter(test__scan_type__in=WHITESOURCE_REFERENCES)

dojo/filters.py

@@ -1,4 +1,5 @@
 import collections
+import warnings
 from drf_spectacular.types import OpenApiTypes
 
 from drf_spectacular.utils import extend_schema_field
@@ -28,6 +29,7 @@
 from dojo.utils import get_system_setting
 from django.contrib.contenttypes.models import ContentType
 import tagulous
+from polymorphic.base import ManagerInheritanceWarning
 # from tagulous.forms import TagWidget
 # import tagulous
 from dojo.authorization.roles_permissions import Permissions
@@ -154,7 +156,17 @@ def sla_satisfied(self, qs, name):
 
     def sla_violated(self, qs, name):
         # return active findings that have an sla expiration date before today
-        return qs.filter(Q(active=True) & Q(sla_expiration_date__lt=timezone.now().date()))
+        return qs.filter(
+            Q(
+                active=True,
+                false_p=False,
+                duplicate=False,
+                out_of_scope=False,
+                risk_accepted=False,
+                is_mitigated=False,
+                mitigated=None,
+            ) & Q(sla_expiration_date__lt=timezone.now().date())
+        )
 
     options = {
         None: (_('Any'), any),
@@ -2404,12 +2416,13 @@ def filter(self, qs, value):
         return self.options[value][1](self, qs, self.options[value][0])
 
 
-class QuestionFilter(FilterSet):
-    text = CharFilter(lookup_expr='icontains')
-    type = QuestionTypeFilter()
+with warnings.catch_warnings(action="ignore", category=ManagerInheritanceWarning):
+    class QuestionFilter(FilterSet):
+        text = CharFilter(lookup_expr='icontains')
+        type = QuestionTypeFilter()
 
-    class Meta:
-        model = Question
-        exclude = ['polymorphic_ctype', 'created', 'modified', 'order']
+        class Meta:
+            model = Question
+            exclude = ['polymorphic_ctype', 'created', 'modified', 'order']
 
-    question_set = FilterSet
+        question_set = FilterSet

dojo/forms.py

@@ -2,6 +2,7 @@
 import re
 from datetime import datetime, date
 import pickle
+import warnings
 from crispy_forms.bootstrap import InlineRadios, InlineCheckboxes
 from crispy_forms.helper import FormHelper
 from crispy_forms.layout import Layout
@@ -18,6 +19,7 @@
 from django.utils.safestring import mark_safe
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
+from polymorphic.base import ManagerInheritanceWarning
 import tagulous
 
 from dojo.endpoint.utils import endpoint_get_or_create, endpoint_filter, \
@@ -3251,16 +3253,17 @@ class Meta:
         exclude = ['questions']
 
 
-class EditQuestionnaireQuestionsForm(forms.ModelForm):
-    questions = forms.ModelMultipleChoiceField(
-        Question.objects.all(),
-        required=True,
-        help_text="Select questions to include on this questionnaire.  Field can be used to search available questions.",
-        widget=MultipleSelectWithPop(attrs={'size': '11'}))
+with warnings.catch_warnings(action="ignore", category=ManagerInheritanceWarning):
+    class EditQuestionnaireQuestionsForm(forms.ModelForm):
+        questions = forms.ModelMultipleChoiceField(
+            Question.polymorphic.all(),
+            required=True,
+            help_text="Select questions to include on this questionnaire.  Field can be used to search available questions.",
+            widget=MultipleSelectWithPop(attrs={'size': '11'}))
 
-    class Meta:
-        model = Engagement_Survey
-        exclude = ['name', 'description', 'active']
+        class Meta:
+            model = Engagement_Survey
+            exclude = ['name', 'description', 'active']
 
 
 class CreateQuestionForm(forms.Form):

dojo/models.py

@@ -4,6 +4,7 @@
 import os
 import re
 import copy
+import warnings
 from typing import Dict, Set, Optional
 from uuid import uuid4
 from django.conf import settings
@@ -28,6 +29,7 @@
 from pytz import all_timezones
 from polymorphic.models import PolymorphicModel
 from polymorphic.managers import PolymorphicManager
+from polymorphic.base import ManagerInheritanceWarning
 from multiselectfield import MultiSelectField
 from django import forms
 from django.utils.translation import gettext as _
@@ -3295,7 +3297,7 @@ def inherit_tags(self, potentially_existing_tags):
 
     @property
     def violates_sla(self):
-        return (self.sla_expiration_date and self.sla_expiration_date < timezone.now())
+        return (self.sla_expiration_date and self.sla_expiration_date < timezone.now().date())
 
 
 class FindingAdmin(admin.ModelAdmin):
@@ -4339,28 +4341,28 @@ class Meta:
 # ==========================
 # Defect Dojo Engaegment Surveys
 # ==============================
+with warnings.catch_warnings(action="ignore", category=ManagerInheritanceWarning):
+    class Question(PolymorphicModel, TimeStampedModel):
+        '''
+            Represents a question.
+        '''
 
-class Question(PolymorphicModel, TimeStampedModel):
-    '''
-        Represents a question.
-    '''
+        class Meta:
+            ordering = ['order']
 
-    class Meta:
-        ordering = ['order']
+        order = models.PositiveIntegerField(default=1,
+                                            help_text=_('The render order'))
 
-    order = models.PositiveIntegerField(default=1,
-                                        help_text=_('The render order'))
+        optional = models.BooleanField(
+            default=False,
+            help_text=_("If selected, user doesn't have to answer this question"))
 
-    optional = models.BooleanField(
-        default=False,
-        help_text=_("If selected, user doesn't have to answer this question"))
+        text = models.TextField(blank=False, help_text=_('The question text'), default='')
+        objects = models.Manager()
+        polymorphic = PolymorphicManager()
 
-    text = models.TextField(blank=False, help_text=_('The question text'), default='')
-    objects = models.Manager()
-    polymorphic = PolymorphicManager()
-
-    def __str__(self):
-        return self.text
+        def __str__(self):
+            return self.text
 
 
 class TextQuestion(Question):
@@ -4471,17 +4473,18 @@ def __str__(self):
         return self.survey.name
 
 
-class Answer(PolymorphicModel, TimeStampedModel):
-    ''' Base Answer model
-    '''
-    question = models.ForeignKey(Question, on_delete=models.CASCADE)
-
-    answered_survey = models.ForeignKey(Answered_Survey,
-                                        null=False,
-                                        blank=False,
-                                        on_delete=models.CASCADE)
-    objects = models.Manager()
-    polymorphic = PolymorphicManager()
+with warnings.catch_warnings(action="ignore", category=ManagerInheritanceWarning):
+    class Answer(PolymorphicModel, TimeStampedModel):
+        ''' Base Answer model
+        '''
+        question = models.ForeignKey(Question, on_delete=models.CASCADE)
+
+        answered_survey = models.ForeignKey(Answered_Survey,
+                                            null=False,
+                                            blank=False,
+                                            on_delete=models.CASCADE)
+        objects = models.Manager()
+        polymorphic = PolymorphicManager()
 
 
 class TextAnswer(Answer):

dojo/settings/settings.dist.py

@@ -7,6 +7,8 @@
 from netaddr import IPNetwork, IPSet
 import json
 import logging
+import warnings
+
 
 logger = logging.getLogger(__name__)
 
@@ -1714,3 +1716,22 @@ def saml2_attrib_map_format(dict):
 AUDITLOG_FLUSH_RETENTION_PERIOD = env('DD_AUDITLOG_FLUSH_RETENTION_PERIOD')
 ENABLE_AUDITLOG = env('DD_ENABLE_AUDITLOG')
 USE_FIRST_SEEN = env('DD_USE_FIRST_SEEN')
+
+
+# ------------------------------------------------------------------------------
+# Ignored Warnings
+# ------------------------------------------------------------------------------
+# These warnings are produce by polymorphic beacuser of weirdness around cascade deletes. We had to do
+# some pretty out of pocket things to correct this behaviors to correct this weirdness, and therefore
+# some warnings are produced trying to steer us in the right direction. Ignore those
+# Reference issue: https://github.com/jazzband/django-polymorphic/issues/229
+warnings.filterwarnings("ignore", message="polymorphic.base.ManagerInheritanceWarning.*")
+warnings.filterwarnings("ignore", message="PolymorphicModelBase._default_manager.*")
+
+
+# TODO - these warnings needs to be removed after all warnings have been removed
+if DEBUG:
+    from django.utils.deprecation import RemovedInDjango50Warning
+    warnings.filterwarnings("ignore", category=RemovedInDjango50Warning)
+    warnings.filterwarnings("ignore", message="'cgi' is deprecated and slated for removal in Python 3\\.13")
+    warnings.filterwarnings("ignore", message="unclosed file .+")

helm/defectdojo/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: "2.31.2"
+appVersion: "2.31.3"
 description: A Helm chart for Kubernetes to install DefectDojo
 name: defectdojo
-version: 1.6.110
+version: 1.6.111
 icon: https://www.defectdojo.org/img/favicon.ico
 maintainers:
   - name: madchap

requirements.txt

@@ -38,7 +38,7 @@ openpyxl==3.1.2
 xlrd==1.2.0
 Pillow==10.2.0  # required by django-imagekit
 psycopg2-binary==2.9.9
-cryptography==42.0.2
+cryptography==42.0.4
 python-dateutil==2.8.2
 pytz==2023.4
 redis==5.0.1