diff --git a/docs/content/en/open_source/upgrading/2.42.md b/docs/content/en/open_source/upgrading/2.42.md index 918ffdb901c..c3656494480 100644 --- a/docs/content/en/open_source/upgrading/2.42.md +++ b/docs/content/en/open_source/upgrading/2.42.md @@ -4,4 +4,16 @@ toc_hide: true weight: -20241202 description: No special instructions. --- -There are no special instructions for upgrading to 2.42.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.42.0) for the contents of the release. + +**Hash Code changes** +A few parsers have been updated to populate more fields. Some of these fields are part of the hash code calculation. To recalculate the hash code please execute the following command: + + `docker compose exec uwsgi /bin/bash -c "python manage.py dedupe.py --parser "Horusec Scan" --hash_code_only` + `docker compose exec uwsgi /bin/bash -c "python manage.py dedupe.py --parser "Qualys Hacker Guardian Scan --hash_code_only"` + `docker compose exec uwsgi /bin/bash -c "python manage.py dedupe.py --parser "Red Hat Satellite --hash_code_only"` + +This command has various command line arguments to tweak its behaviour, for example to trigger a run of the deduplication process. +See [dedupe.py](https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/management/commands/dedupe.py) for more information. + +Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.42.0) for the contents of the release. + diff --git a/docs/content/en/open_source/upgrading/2.43.md b/docs/content/en/open_source/upgrading/2.43.md index 596b2a0080d..4b5efcecf2f 100644 --- a/docs/content/en/open_source/upgrading/2.43.md +++ b/docs/content/en/open_source/upgrading/2.43.md @@ -7,4 +7,16 @@ description: Disclaimer field renamed/split. [Pull request #10902](https://github.com/DefectDojo/django-DefectDojo/pull/10902) introduced different kinds of disclaimers within the DefectDojo instance. The original content of the disclaimer was copied to all new fields where it had been used until now (so this change does not require any action on the user's side). However, if users were managing the original disclaimer via API (endpoint `/api/v2/system_settings/1/`, field `disclaimer`), be aware that the fields are now called `disclaimer_notifications` and `disclaimer_reports` (plus there is one additional, previously unused field called `disclaimer_notes`). -But there are no other special instructions for upgrading to 2.43.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.43.0) for the contents of the release. +**Hash Code changes** +The Rusty Hog parser has been [updated](https://github.com/DefectDojo/django-DefectDojo/pull/11433) to populate more fields. Some of these fields are part of the hash code calculation. To recalculate the hash code and deduplicate existing Rusty Hog findings, please execute the following command: + + `docker compose exec uwsgi /bin/bash -c "python manage.py dedupe.py --parser "Essex Hog Scan (Rusty Hog Scan)" --hash_code_only` + `docker compose exec uwsgi /bin/bash -c "python manage.py dedupe.py --parser "Essex Hog Scan (Choctaw Hog)" --hash_code_only` + `docker compose exec uwsgi /bin/bash -c "python manage.py dedupe.py --parser "Essex Hog Scan (Duroc Hog)" --hash_code_only` + `docker compose exec uwsgi /bin/bash -c "python manage.py dedupe.py --parser "Essex Hog Scan (Gottingen Hog)" --hash_code_only` + `docker compose exec uwsgi /bin/bash -c "python manage.py dedupe.py --parser "Essex Hog Scan (Essex Hog)" --hash_code_only` + +This command has various command line arguments to tweak its behaviour, for example to trigger a run of the deduplication process. +See [dedupe.py](https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/management/commands/dedupe.py) for more information. + +Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.43.0) for the contents of the release. \ No newline at end of file diff --git a/dojo/tools/rusty_hog/parser.py b/dojo/tools/rusty_hog/parser.py index a4582106f0d..2faced43ee8 100644 --- a/dojo/tools/rusty_hog/parser.py +++ b/dojo/tools/rusty_hog/parser.py @@ -76,12 +76,17 @@ def __getitem(self, vulnerabilities, scanner): found_secret_string = "" cwe = 200 for vulnerability in vulnerabilities: + description = "" + if vulnerability.get("reason") is not None: + description += "\n**Reason:** {}".format( + vulnerability.get("reason"), + ) if scanner == "Rusty Hog": break if scanner == "Choctaw Hog": """Choctaw Hog""" - found_secret_string = vulnerability.get("stringsFound") - description = f"**This string was found:** {found_secret_string}" + found_secret_string = str(vulnerability.get("stringsFound") or "") + description += f"**This string was found:** {found_secret_string}" if vulnerability.get("commit") is not None: description += "\n**Commit message:** {}".format( vulnerability.get("commit"), @@ -116,8 +121,8 @@ def __getitem(self, vulnerabilities, scanner): ) elif scanner == "Duroc Hog": """Duroc Hog""" - found_secret_string = vulnerability.get("stringsFound") - description = f"**This string was found:** {found_secret_string}" + found_secret_string = str(vulnerability.get("stringsFound") or "") + description += f"**This string was found:** {found_secret_string}" if vulnerability.get("path") is not None: description += "\n**Path of Issue:** {}".format( vulnerability.get("path"), @@ -132,8 +137,8 @@ def __getitem(self, vulnerabilities, scanner): ) elif scanner == "Gottingen Hog": """Gottingen Hog""" - found_secret_string = vulnerability.get("stringsFound") - description = f"**This string was found:** {found_secret_string}" + found_secret_string = str(vulnerability.get("stringsFound") or "") + description += f"**This string was found:** {found_secret_string}" if vulnerability.get("issue_id") is not None: description += "\n**JIRA Issue ID:** {}".format( vulnerability.get("issue_id"), @@ -147,8 +152,8 @@ def __getitem(self, vulnerabilities, scanner): vulnerability.get("url"), vulnerability.get("url"), ) elif scanner == "Essex Hog": - found_secret_string = vulnerability.get("stringsFound") - description = f"**This string was found:** {found_secret_string}" + found_secret_string = str(vulnerability.get("stringsFound") or "") + description += f"**This string was found:** {found_secret_string}" if vulnerability.get("page_id") is not None: description += "\n**Confluence URL:** [{}]({})".format( vulnerability.get("url"), vulnerability.get("url"), @@ -179,10 +184,15 @@ def __getitem(self, vulnerabilities, scanner): vulnerability.get("issue_id"), vulnerability.get("location"), ) + if not file_path: + file_path = vulnerability.get("url") elif scanner == "Essex Hog": title = "{} found in Confluence Page ID {}".format( vulnerability.get("reason"), vulnerability.get("page_id"), ) + if not file_path: + file_path = vulnerability.get("url") + # create the finding object finding = Finding( title=title, diff --git a/unittests/tools/test_rusty_hog_parser.py b/unittests/tools/test_rusty_hog_parser.py index 3d7df04ea0f..ff2420d00ed 100644 --- a/unittests/tools/test_rusty_hog_parser.py +++ b/unittests/tools/test_rusty_hog_parser.py @@ -110,6 +110,9 @@ def test_parse_file_with_multiple_vuln_has_multiple_finding_essexhog(self): parser = RustyhogParser() findings = parser.get_items(testfile, "Essex Hog", Test()) self.assertEqual(3, len(findings)) + self.assertEqual("https://confluence.com/pages/viewpage.action?pageId=12345", findings[0].file_path) + self.assertEqual("['-----BEGIN EC PRIVATE KEY-----']", findings[0].payload) + self.assertEqual("**Reason:** SSH (EC) private key", findings[0].description[:32]) def test_parse_file_with_multiple_vuln_has_multiple_finding_essexhog_content(self): with open("unittests/scans/rusty_hog/essexhog_many_vulns.json", encoding="utf-8") as testfile: