Merge pull request #8445 from DefectDojo/master-into-dev/2.24.4-2.25.…

…0-dev Release: Merge back 2.24.4 into dev from: master-into-dev/2.24.4-2.25.0-dev
DefectDojo · Jul 31, 2023 · a2435d2 · a2435d2
2 parents 9db94de + 2429a22
commit a2435d2
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 18 deletions.
diff --git a/dojo/finding/views.py b/dojo/finding/views.py
@@ -1156,7 +1156,10 @@ def edit_finding(request, fid):
                             fp.save_no_options()
 
             if "request" in form.cleaned_data or "response" in form.cleaned_data:
-                burp_rr, _ = BurpRawRequestResponse.objects.get_or_create(finding=finding)
+                try:
+                    burp_rr, _ = BurpRawRequestResponse.objects.get_or_create(finding=finding)
+                except BurpRawRequestResponse.MultipleObjectsReturned:
+                    burp_rr = BurpRawRequestResponse.objects.filter(finding=finding).first()
                 burp_rr.burpRequestBase64 = base64.b64encode(
                     form.cleaned_data["request"].encode()
                 )

diff --git a/dojo/reports/views.py b/dojo/reports/views.py
@@ -830,20 +830,27 @@ def get_foreign_keys():
         'mitigated_by', 'reporter', 'review_requested_by', 'sonarqube_issue', 'test']
 
 
+def get_attributes():
+    return ["sla_age", "sla_deadline", "sla_days_remaining"]
+
+
 def csv_export(request):
     findings, obj = get_findings(request)
-
     response = HttpResponse(content_type='text/csv')
     response['Content-Disposition'] = 'attachment; filename=findings.csv'
-
     writer = csv.writer(response)
-
+    allowed_attributes = get_attributes()
+    excludes_list = get_excludes()
+    allowed_foreign_keys = get_attributes()
     first_row = True
+
     for finding in findings:
         if first_row:
             fields = []
             for key in dir(finding):
-                if key not in get_excludes() and not callable(getattr(finding, key)) and not key.startswith('_'):
+                if key not in excludes_list and (not callable(getattr(finding, key)) or key in allowed_attributes) and not key.startswith('_'):
+                    if callable(getattr(finding, key)) and key not in allowed_attributes:
+                        continue
                     fields.append(key)
             fields.append('test')
             fields.append('found_by')
@@ -860,10 +867,16 @@ def csv_export(request):
         if not first_row:
             fields = []
             for key in dir(finding):
-                if key not in get_excludes() and not callable(getattr(finding, key)) and not key.startswith('_'):
-                    value = finding.__dict__.get(key)
-                    if key in get_foreign_keys() and getattr(finding, key):
-                        value = str(getattr(finding, key))
+                if key not in excludes_list and (not callable(getattr(finding, key)) or key in allowed_attributes) and not key.startswith('_'):
+                    if not callable(getattr(finding, key)):
+                        value = finding.__dict__.get(key)
+                    if (key in allowed_foreign_keys or key in allowed_attributes) and getattr(finding, key):
+                        if callable(getattr(finding, key)):
+                            func = getattr(finding, key)
+                            result = func()
+                            value = result
+                        else:
+                            value = str(getattr(finding, key))
                     if value and isinstance(value, str):
                         value = value.replace('\n', ' NEWLINE ').replace('\r', '')
                     fields.append(value)
@@ -907,20 +920,23 @@ def csv_export(request):
 
 def excel_export(request):
     findings, obj = get_findings(request)
-
     workbook = Workbook()
     workbook.iso_dates = True
     worksheet = workbook.active
     worksheet.title = 'Findings'
-
     font_bold = Font(bold=True)
+    allowed_attributes = get_attributes()
+    excludes_list = get_excludes()
+    allowed_foreign_keys = get_attributes()
 
     row_num = 1
     for finding in findings:
         if row_num == 1:
             col_num = 1
             for key in dir(finding):
-                if key not in get_excludes() and not callable(getattr(finding, key)) and not key.startswith('_'):
+                if key not in excludes_list and (not callable(getattr(finding, key)) or key in allowed_attributes) and not key.startswith('_'):
+                    if callable(getattr(finding, key)) and key not in allowed_attributes:
+                        continue
                     cell = worksheet.cell(row=row_num, column=col_num, value=key)
                     cell.font = font_bold
                     col_num += 1
@@ -949,10 +965,16 @@ def excel_export(request):
         if row_num > 1:
             col_num = 1
             for key in dir(finding):
-                if key not in get_excludes() and not callable(getattr(finding, key)) and not key.startswith('_'):
-                    value = finding.__dict__.get(key)
-                    if key in get_foreign_keys() and getattr(finding, key):
-                        value = str(getattr(finding, key))
+                if key not in excludes_list and (not callable(getattr(finding, key)) or key in allowed_attributes) and not key.startswith('_'):
+                    if not callable(getattr(finding, key)):
+                        value = finding.__dict__.get(key)
+                    if (key in allowed_foreign_keys or key in allowed_attributes) and getattr(finding, key):
+                        if callable(getattr(finding, key)):
+                            func = getattr(finding, key)
+                            result = func()
+                            value = result
+                        else:
+                            value = str(getattr(finding, key))
                     if value and isinstance(value, datetime):
                         value = value.replace(tzinfo=None)
                     worksheet.cell(row=row_num, column=col_num, value=value)

diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "2.25.0-dev"
 description: A Helm chart for Kubernetes to install DefectDojo
 name: defectdojo
-version: 1.6.78-dev
+version: 1.6.79-dev
 icon: https://www.defectdojo.org/img/favicon.ico
 maintainers:
   - name: madchap

diff --git a/readme-docs/DOCKER.md b/readme-docs/DOCKER.md
@@ -418,7 +418,9 @@ OpenSSL version: OpenSSL 1.0.1t  3 May 2016
 
 In this case, both docker (version 17.09.0-ce) and docker-compose (1.18.0) need to be updated.
 
-Follow [Dockers' documentation](https://docs.docker.com/install/) for your OS to get the latest version of Docker. For the docker command, most OSes have a built-in update mechanism like "apt upgrade".
+**NOTE** - Docker Compose version 2.19.0 and greater includes syntax restrictions that are not compatible with our compose files.  As a temporary workaround while a more complete solution is determined, please do not update docker compose to a version greater than 2.18.1.
+
+Follow [Dockers' documentation](https://docs.docker.com/install/) for your OS to get the latest version of Docker* (see above Note). For the docker command, most OSes have a built-in update mechanism like "apt upgrade".
 
 Docker Compose isn't packaged like Docker and you'll need to manually update an existing install if using Linux. For Linux, either follow the instructions in the [Docker Compose documentation](https://docs.docker.com/compose/install/) or use the shell script below. The script below will update docker-compose to the latest version automatically. You will need to make the script executable and have sudo privileges to upgrade docker-compose: