Merge branch 'finding-created' into 'main'

Fix finding.created not included in design preview data

See merge request reportcreator/reportcreator!785

CHANGELOG.md

@@ -5,6 +5,7 @@
 * Plugin: automatically assign project numbers
 * Run periodic tasks in background
 * Add user option to force change password on next login
+* Fix finding.created not included in design preview data 
 * UI: fix line break in logo text on Firefox
 
 

api/src/reportcreator_api/pentests/models/project.py

@@ -7,6 +7,7 @@
 from django.contrib.postgres.fields import ArrayField
 from django.core.serializers.json import DjangoJSONEncoder
 from django.db import models
+from django.utils import timezone
 from django.utils.functional import classproperty
 from django.utils.translation import gettext_lazy as _
 from jsonschema import ValidationError
@@ -226,13 +227,16 @@ def update_preview_data_defaults(new_data, old_data, new_definition, old_definit
                     {"title": "Second Demo Finding", "cvss": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},
                 ]
             self.report_preview_data["findings"] = [
-                {"id": f.get('id') or str(uuid4())}
-                | ensure_defined_structure(
+                {
+                    "id": f.get('id') or str(uuid4()),
+                    "created": f.get('created') or timezone.now().isoformat(),
+                    "order": fidx + 1,
+                } | ensure_defined_structure(
                     value=f,
                     definition=self.finding_fields_obj,
                     handle_undefined=HandleUndefinedFieldsOptions.FILL_DEMO_DATA,
                 )
-                for f in findings_data
+                for fidx, f in enumerate(findings_data)
                 if isinstance(f, dict)
             ]
             # Update preview data fields containing old default values to new default values

api/src/reportcreator_api/tasks/rendering/entry.py

@@ -131,14 +131,18 @@ def format_template_data(data: dict, project_type: ProjectType, imported_members
         require_id=True)
     data['findings'] = sort_findings(findings=[
         format_template_field_object(
-            value=(f if isinstance(f, dict) else {}) | ensure_defined_structure(
+            value={
+                'id': uuid.uuid4(),
+                'created': timezone.now().isoformat(),
+                'order': fidx,
+            } | (f if isinstance(f, dict) else {}) | ensure_defined_structure(
                 value=f,
                 definition=project_type.finding_fields_obj,
                 handle_undefined=HandleUndefinedFieldsOptions.FILL_DEFAULT),
             definition=project_type.finding_fields_obj,
             members=members,
             require_id=True)
-        for f in data.get('findings', [])],
+        for fidx, f in enumerate(data.get('findings', []))],
         project_type=project_type, override_finding_order=override_finding_order)
     data['pentesters'] = sorted(
         members,
@@ -158,7 +162,7 @@ async def format_project_template_data(project: PentestProject, project_type: Op
         },
         'findings': [{
             'id': str(f.finding_id),
-            'created': str(f.created),
+            'created': f.created.isoformat(),
             'order': f.order,
             **f.data,
         } async for f in project.findings.all()],

api/src/reportcreator_api/tests/test_rendering.py

@@ -78,6 +78,7 @@ def extract_html_part(self, html, start=None, end=None):
         ('{{ report.field_enum.value }}', lambda self: self.project.data['field_enum']),
         ('{{ findings[0].cvss.vector }}', lambda self: self.finding.data['cvss']),
         ('{{ findings[0].cvss.score }}', lambda self: str(cvss.calculate_score(self.finding.data['cvss']))),
+        ('{{ findings[0].created }}', lambda self: self.finding.created.isoformat()),
         ('{{ report.field_cwe.value }} {{ report.field_cwe.id }} {{ report.field_cwe.name }}', "CWE-89 89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"),
         ('{{ data.pentesters[0].name }}', lambda self: self.project.imported_members[0]['name']),
         ('<template v-for="r in data.pentesters[0].roles">{{ r }}</template>', lambda self: ''.join(self.project.imported_members[0]['roles'])),

dev/docker-compose.yml

@@ -199,6 +199,8 @@ services:
       - type: bind
         source: ../api/src/reportcreator_api/tasks/rendering/global_assets/
         target: /app/packages/frontend/src/assets/rendering/
+    tmpfs:
+      - /tmp
     expose:
       - 3000
       - 24678

docs/docs/setup/configuration.md

@@ -281,7 +281,7 @@ PDF compression reduces the file size, but can lead to quality loss of images an
 PDF compression is enabled by default. Disable PDF compression using this setting.
 
 ``` title="Example:"
-COMPRESS_PDF=false
+COMPRESS_PDFS=false
 ```
 
 SysReptor limits the rendering time a PDF can take. If the rendering time exceeds the limit, the PDF render task is aborted. The default limit is 300 seconds (5 minutes).

packages/frontend/src/components/Design/PreviewDataForm.vue

@@ -225,6 +225,7 @@ function createObject(properties: FieldDefinition[]) {
 function createFinding() {
   const newFinding = createObject(props.projectType.finding_fields);
   newFinding.id = uuidv4();
+  newFinding.created = new Date().toISOString();
   newFinding.title = newFinding.title || 'New Demo Finding';
 
   emit('update:modelValue', {