Merge branch 'renovate/ruff-0.x' into fix_ruff_v02

kiblik · Feb 5, 2024 · 68efb88 · 68efb88
2 parents b83f849 + aaabbab
commit 68efb88
Show file tree

Hide file tree

Showing 22 changed files with 460 additions and 77 deletions.
diff --git a/docs/content/en/integrations/parsers/file/mend.md b/docs/content/en/integrations/parsers/file/mend.md
@@ -12,4 +12,4 @@ Unit tests for Mend JSON files can be found at https://github.com/DefectDojo/dja
 ### Link To Tool
 See documentation: https://docs.mend.io/bundle/unified_agent/page/example_of_a_unified_agent_json_report.html
 
-*Formerly known as Whitesource.
+*Formerly known as Whitesource.*
diff --git a/dojo/api_v2/serializers.py b/dojo/api_v2/serializers.py
@@ -2004,8 +2004,20 @@ class Meta:
         exclude = (
             "tid",
             "updated",
+            "async_updating"
         )
 
+    def validate(self, data):
+        async_updating = getattr(self.instance, 'async_updating', None)
+        if async_updating:
+            new_sla_config = data.get('sla_configuration', None)
+            old_sla_config = getattr(self.instance, 'sla_configuration', None)
+            if new_sla_config and old_sla_config and new_sla_config != old_sla_config:
+                raise serializers.ValidationError(
+                    'Finding SLA expiration dates are currently being recalculated. The SLA configuration for this product cannot be changed until the calculation is complete.'
+                )
+        return data
+
     def get_findings_count(self, obj) -> int:
         return obj.findings_count
 
@@ -3031,7 +3043,21 @@ class Meta:
 class SLAConfigurationSerializer(serializers.ModelSerializer):
     class Meta:
         model = SLA_Configuration
-        fields = "__all__"
+        exclude = (
+            "async_updating",
+        )
+
+    def validate(self, data):
+        async_updating = getattr(self.instance, 'async_updating', None)
+        if async_updating:
+            for field in ['critical', 'high', 'medium', 'low']:
+                old_days = getattr(self.instance, field, None)
+                new_days = data.get(field, None)
+                if old_days and new_days and (old_days != new_days):
+                    raise serializers.ValidationError(
+                        'Finding SLA expiration dates are currently being calculated. The SLA days for this SLA configuration cannot be changed until the calculation is complete.'
+                    )
+        return data
 
 
 class UserProfileSerializer(serializers.Serializer):

diff --git a/dojo/apps.py b/dojo/apps.py
@@ -74,6 +74,7 @@ def ready(self):
         import dojo.announcement.signals  # noqa
         import dojo.product.signals  # noqa
         import dojo.test.signals  # noqa
+        import dojo.sla_config.helpers  # noqa
 
 
 def get_model_fields_with_extra(model, extra_fields=()):

diff --git a/dojo/db_migrations/0197_parser_merge.py b/dojo/db_migrations/0197_parser_merge.py
@@ -76,7 +76,7 @@ def migrate_clairklar_parsers(apps, schema_editor):
     clair_test_type, _ = test_type_model.objects.get_or_create(name="Clair Scan", active=True)
     clairklar_test_type = test_type_model.objects.filter(name="Clair Klar Scan").first()
     # Get all the findings found by Clair Klar Scan
-    findings = finding_model.objects.filter(test__scan_type__in=OPENVAS_REFERENCES)
+    findings = finding_model.objects.filter(test__scan_type__in=CLAIRKLAR_REFERENCES)
     logger.warning(f'We identified {findings.count()} Clair Klar Scan findings to migrate to Clair Scan findings')
     # Iterate over all findings and change
     for finding in findings:

diff --git a/dojo/db_migrations/0200_finding_sla_expiration_date_product_async_updating_and_more.py b/dojo/db_migrations/0200_finding_sla_expiration_date_product_async_updating_and_more.py
@@ -0,0 +1,31 @@
+# Generated by Django 4.1.13 on 2024-01-17 03:07
+
+from django.db import migrations, models
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dojo', '0199_whitesource_to_mend'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='finding',
+            name='sla_expiration_date',
+            field=models.DateField(blank=True, help_text="(readonly)The date SLA expires for this finding. Empty by default, causing a fallback to 'date'.", null=True, verbose_name='SLA Expiration Date'),
+        ),
+        migrations.AddField(
+            model_name='product',
+            name='async_updating',
+            field=models.BooleanField(default=False, help_text='Findings under this Product or SLA configuration are asynchronously being updated'),
+        ),
+        migrations.AddField(
+            model_name='sla_configuration',
+            name='async_updating',
+            field=models.BooleanField(default=False, help_text='Findings under this SLA configuration are asynchronously being updated'),
+        ),
+    ]
diff --git a/dojo/filters.py b/dojo/filters.py
@@ -147,22 +147,22 @@ class FindingSLAFilter(ChoiceFilter):
     def any(self, qs, name):
         return qs
 
-    def satisfies_sla(self, qs, name):
+    def sla_satisfied(self, qs, name):
         for finding in qs:
             if finding.violates_sla:
                 qs = qs.exclude(id=finding.id)
         return qs
 
-    def violates_sla(self, qs, name):
+    def sla_violated(self, qs, name):
         for finding in qs:
             if not finding.violates_sla:
                 qs = qs.exclude(id=finding.id)
         return qs
 
     options = {
         None: (_('Any'), any),
-        0: (_('False'), satisfies_sla),
-        1: (_('True'), violates_sla),
+        0: (_('False'), sla_satisfied),
+        1: (_('True'), sla_violated),
     }
 
     def __init__(self, *args, **kwargs):
@@ -182,22 +182,22 @@ class ProductSLAFilter(ChoiceFilter):
     def any(self, qs, name):
         return qs
 
-    def satisfies_sla(self, qs, name):
+    def sla_satisifed(self, qs, name):
         for product in qs:
             if product.violates_sla:
                 qs = qs.exclude(id=product.id)
         return qs
 
-    def violates_sla(self, qs, name):
+    def sla_violated(self, qs, name):
         for product in qs:
             if not product.violates_sla:
                 qs = qs.exclude(id=product.id)
         return qs
 
     options = {
         None: (_('Any'), any),
-        0: (_('False'), satisfies_sla),
-        1: (_('True'), violates_sla),
+        0: (_('False'), sla_satisifed),
+        1: (_('True'), sla_violated),
     }
 
     def __init__(self, *args, **kwargs):
@@ -1465,9 +1465,8 @@ class Meta:
                    'endpoints', 'references',
                    'thread_id', 'notes', 'scanner_confidence',
                    'numerical_severity', 'line', 'duplicate_finding',
-                   'hash_code',
-                   'reviewers',
-                   'created', 'files', 'sla_start_date', 'cvssv3',
+                   'hash_code', 'reviewers', 'created', 'files',
+                   'sla_start_date', 'sla_expiration_date', 'cvssv3',
                    'severity_justification', 'steps_to_reproduce']
 
     def __init__(self, *args, **kwargs):

diff --git a/dojo/forms.py b/dojo/forms.py
@@ -263,6 +263,12 @@ def __init__(self, *args, **kwargs):
         super(ProductForm, self).__init__(*args, **kwargs)
         self.fields['prod_type'].queryset = get_authorized_product_types(Permissions.Product_Type_Add_Product)
 
+        # if this product has findings being asynchronously updated, disable the sla config field
+        if self.instance.async_updating:
+            self.fields['sla_configuration'].disabled = True
+            self.fields['sla_configuration'].widget.attrs['message'] = 'Finding SLA expiration dates are currently being recalculated. ' + \
+                                                                       'This field cannot be changed until the calculation is complete.'
+
     class Meta:
         model = Product
         fields = ['name', 'description', 'tags', 'product_manager', 'technical_contact', 'team_manager', 'prod_type', 'sla_configuration', 'regulations',
@@ -1073,7 +1079,7 @@ class AdHocFindingForm(forms.ModelForm):
     # the only reliable way without hacking internal fields to get predicatble ordering is to make it explicit
     field_order = ('title', 'date', 'cwe', 'vulnerability_ids', 'severity', 'cvssv3', 'description', 'mitigation', 'impact', 'request', 'response', 'steps_to_reproduce',
                    'severity_justification', 'endpoints', 'endpoints_to_add', 'references', 'active', 'verified', 'false_p', 'duplicate', 'out_of_scope',
-                   'risk_accepted', 'under_defect_review', 'sla_start_date')
+                   'risk_accepted', 'under_defect_review', 'sla_start_date', 'sla_expiration_date')
 
     def __init__(self, *args, **kwargs):
         req_resp = kwargs.pop('req_resp')
@@ -1113,7 +1119,8 @@ def clean(self):
     class Meta:
         model = Finding
         exclude = ('reporter', 'url', 'numerical_severity', 'under_review', 'reviewers', 'cve', 'inherited_tags',
-                   'review_requested_by', 'is_mitigated', 'jira_creation', 'jira_change', 'endpoint_status', 'sla_start_date')
+                   'review_requested_by', 'is_mitigated', 'jira_creation', 'jira_change', 'endpoints', 'sla_start_date',
+                   'sla_expiration_date')
 
 
 class PromoteFindingForm(forms.ModelForm):
@@ -1139,9 +1146,9 @@ class PromoteFindingForm(forms.ModelForm):
     references = forms.CharField(widget=forms.Textarea, required=False)
 
     # the onyl reliable way without hacking internal fields to get predicatble ordering is to make it explicit
-    field_order = ('title', 'group', 'date', 'sla_start_date', 'cwe', 'vulnerability_ids', 'severity', 'cvssv3', 'cvssv3_score', 'description', 'mitigation', 'impact',
-                   'request', 'response', 'steps_to_reproduce', 'severity_justification', 'endpoints', 'endpoints_to_add', 'references',
-                   'active', 'mitigated', 'mitigated_by', 'verified', 'false_p', 'duplicate',
+    field_order = ('title', 'group', 'date', 'sla_start_date', 'sla_expiration_date', 'cwe', 'vulnerability_ids', 'severity', 'cvssv3',
+                   'cvssv3_score', 'description', 'mitigation', 'impact', 'request', 'response', 'steps_to_reproduce', 'severity_justification',
+                   'endpoints', 'endpoints_to_add', 'references', 'active', 'mitigated', 'mitigated_by', 'verified', 'false_p', 'duplicate',
                    'out_of_scope', 'risk_accept', 'under_defect_review')
 
     def __init__(self, *args, **kwargs):
@@ -1211,9 +1218,9 @@ class FindingForm(forms.ModelForm):
             'invalid_choice': EFFORT_FOR_FIXING_INVALID_CHOICE})
 
     # the only reliable way without hacking internal fields to get predicatble ordering is to make it explicit
-    field_order = ('title', 'group', 'date', 'sla_start_date', 'cwe', 'vulnerability_ids', 'severity', 'cvssv3', 'cvssv3_score', 'description', 'mitigation', 'impact',
-                   'request', 'response', 'steps_to_reproduce', 'severity_justification', 'endpoints', 'endpoints_to_add', 'references',
-                   'active', 'mitigated', 'mitigated_by', 'verified', 'false_p', 'duplicate',
+    field_order = ('title', 'group', 'date', 'sla_start_date', 'sla_expiration_date', 'cwe', 'vulnerability_ids', 'severity', 'cvssv3',
+                   'cvssv3_score', 'description', 'mitigation', 'impact', 'request', 'response', 'steps_to_reproduce', 'severity_justification',
+                   'endpoints', 'endpoints_to_add', 'references', 'active', 'mitigated', 'mitigated_by', 'verified', 'false_p', 'duplicate',
                    'out_of_scope', 'risk_accept', 'under_defect_review')
 
     def __init__(self, *args, **kwargs):
@@ -1251,6 +1258,7 @@ def __init__(self, *args, **kwargs):
             self.fields['duplicate'].help_text = "You can mark findings as duplicate only from the view finding page."
 
         self.fields['sla_start_date'].disabled = True
+        self.fields['sla_expiration_date'].disabled = True
 
         if self.can_edit_mitigated_data:
             if hasattr(self, 'instance'):
@@ -2436,6 +2444,22 @@ def clean(self):
 
 
 class SLAConfigForm(forms.ModelForm):
+    def __init__(self, *args, **kwargs):
+        super(SLAConfigForm, self).__init__(*args, **kwargs)
+
+        # if this sla config has findings being asynchronously updated, disable the days by severity fields
+        if self.instance.async_updating:
+            msg = 'Finding SLA expiration dates are currently being recalculated. ' + \
+                  'This field cannot be changed until the calculation is complete.'
+            self.fields['critical'].disabled = True
+            self.fields['critical'].widget.attrs['message'] = msg
+            self.fields['high'].disabled = True
+            self.fields['high'].widget.attrs['message'] = msg
+            self.fields['medium'].disabled = True
+            self.fields['medium'].widget.attrs['message'] = msg
+            self.fields['low'].disabled = True
+            self.fields['low'].widget.attrs['message'] = msg
+
     class Meta:
         model = SLA_Configuration
         fields = ['name', 'description', 'critical', 'high', 'medium', 'low']