Revert "Merge remote-tracking branch 'upstream/dev' into feature-chec…

…kmarx-cxflow-sast" This reverts commit b167f2b5205b427ac0b26ae7fd3f6b4667a01cde, reversing changes made to 5257a25204dbc9e6603b3b64bc1d78eddb824140.
DefectDojo · Mar 12, 2024 · f9cdafb · f9cdafb
1 parent 31c7403
commit f9cdafb
Show file tree

Hide file tree

Showing 44 changed files with 348 additions and 2,686 deletions.
diff --git a/.github/workflows/k8s-tests.yml b/.github/workflows/k8s-tests.yml
@@ -29,6 +29,14 @@ env:
     --set mysql.enabled=false \
     --set createPostgresqlSecret=true \
    "
+  HELM_PGHA_DATABASE_SETTINGS: " \
+    --set database=postgresqlha \
+    --set postgresql.enabled=false \
+    --set mysql.enabled=false \
+    --set postgresqlha.enabled=true \
+    --set createPostgresqlHaSecret=true \
+    --set createPostgresqlHaPgpoolSecret=true \
+   "
 jobs:
   setting_minikube_cluster:
     name: Kubernetes Deployment
@@ -56,6 +64,10 @@ jobs:
             brokers: redis
             k8s: 'v1.23.9'
             os: debian
+          - databases: pgsqlha
+            brokers: rabbit
+            k8s: 'v1.23.9'
+            os: debian
           - databases: pgsql
             brokers: rabbit
             k8s: 'v1.23.9'

diff --git a/Dockerfile.integration-tests-debian b/Dockerfile.integration-tests-debian
@@ -1,7 +1,7 @@
 
 # code: language=Dockerfile
 
-FROM openapitools/openapi-generator-cli:v7.4.0@sha256:579832bed49ea6c275ce2fb5f2d515f5b03d2b6243f3c80fa8430e4f5a770e9a as openapitools
+FROM openapitools/openapi-generator-cli:v7.3.0@sha256:74b9992692c836e42a02980db4b76bee94e17075e4487cd80f5c540dd57126b9 as openapitools
 FROM python:3.11.4-slim-bullseye@sha256:40319d0a897896e746edf877783ef39685d44e90e1e6de8d964d0382df0d4952 as build
 WORKDIR /app
 RUN \

diff --git a/components/yarn.lock b/components/yarn.lock
@@ -538,6 +538,10 @@ fast-levenshtein@~2.0.6:
   resolved "https://registry.yarnpkg.com/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz#3d8a5c66883a16a30ca8643e851f19baa7797917"
   integrity sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==
 
+flot-axis@markrcote/flot-axislabels#*:
+  version "0.0.0"
+  resolved "https://codeload.github.com/markrcote/flot-axislabels/tar.gz/a181e09d04d120d05e5bc2baaa8738b5b3670428"
+
 flot@flot/flot#~0.8.3:
   version "0.8.3"
   resolved "https://codeload.github.com/flot/flot/tar.gz/453b017cc5acfd75e252b93e8635f57f4196d45d"

diff --git a/docs/content/en/integrations/parsers/file/checkmarx_one.md b/docs/content/en/integrations/parsers/file/checkmarx_one.md
diff --git a/docs/content/en/integrations/parsers/file/crunch42.md b/docs/content/en/integrations/parsers/file/crunch42.md
diff --git a/docs/content/en/integrations/parsers/file/npm_audit_7_plus.md b/docs/content/en/integrations/parsers/file/npm_audit_7_plus.md
diff --git a/docs/content/en/integrations/parsers/file/pip_audit.md b/docs/content/en/integrations/parsers/file/pip_audit.md
@@ -2,41 +2,7 @@
 title: "pip-audit Scan"
 toc_hide: true
 ---
-
-Import pip-audit JSON scan report.
-
-### File Types
-This parser expects a JSON file.
-
-The parser can handle legacy and current JSON format.
-
-The current format has added a `dependencies` element:
-
-    {
-	  "dependencies": [
-	    {
-	      "name": "pyopenssl",
-	      "version": "23.1.0",
-	      "vulns": []
-	    },
-	...
-	  ]
-	...
-	}
-
-The legacy format does not include the `dependencies` key:
-
-    [
-	    {
-	        "name": "adal",
-	        "version": "1.2.2",
-	        "vulns": []
-	    },
-    ...
-    ]
+Import pip-audit JSON scan report
 
 ### Sample Scan Data
-Sample pip-audit Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/pip_audit).
-
-### Link To Tool
-[pip-audit](https://pypi.org/project/pip-audit/)
+Sample pip-audit Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/pip_audit).
diff --git a/dojo/endpoint/views.py b/dojo/endpoint/views.py
@@ -33,6 +33,12 @@ def process_endpoints_view(request, host_view=False, vulnerable=False):
 
     if vulnerable:
         endpoints = Endpoint.objects.filter(
+            finding__active=True,
+            finding__verified=True,
+            finding__out_of_scope=False,
+            finding__mitigated__isnull=True,
+            finding__false_p=False,
+            finding__duplicate=False,
             status_endpoint__mitigated=False,
             status_endpoint__false_positive=False,
             status_endpoint__out_of_scope=False,
@@ -118,12 +124,12 @@ def process_endpoint_view(request, eid, host_view=False):
         endpoints = endpoint.host_endpoints()
         endpoint_metadata = None
         all_findings = endpoint.host_findings()
-        active_findings = endpoint.host_active_findings()
+        active_verified_findings = endpoint.host_active_verified_findings()
     else:
         endpoints = None
         endpoint_metadata = dict(endpoint.endpoint_meta.values_list('name', 'value'))
         all_findings = endpoint.findings.all()
-        active_findings = endpoint.active_findings()
+        active_verified_findings = endpoint.active_verified_findings()
 
     if all_findings:
         start_date = timezone.make_aware(datetime.combine(all_findings.last().date, datetime.min.time()))
@@ -142,8 +148,12 @@ def process_endpoint_view(request, eid, host_view=False):
     monthly_counts = get_period_counts(all_findings, closed_findings, None, months_between, start_date,
                                        relative_delta='months')
 
-    paged_findings = get_page_items(request, active_findings, 25)
-    vulnerable = active_findings.count() != 0
+    paged_findings = get_page_items(request, active_verified_findings, 25)
+
+    vulnerable = False
+
+    if active_verified_findings.count() != 0:
+        vulnerable = True
 
     product_tab = Product_Tab(endpoint.product, "Host" if host_view else "Endpoint", tab="endpoints")
     return render(request,