Merge pull request #11073 from DefectDojo/release/2.39.1

Release: Merge release into master from: release/2.39.1

Author: rossops

README.md

@@ -132,15 +132,14 @@ Core Moderators can help you with pull requests or feedback on dev ideas:
 * Cody Maffucci ([@Maffooch](https://github.com/maffooch) | [LinkedIn](https://www.linkedin.com/in/cody-maffucci))
 
 Moderators can help you with pull requests or feedback on dev ideas:
-* Damien Carol ([@damiencarol](https://github.com/damiencarol) | [LinkedIn](https://www.linkedin.com/in/damien-carol/))
-* Jannik Jürgens ([@alles-klar](https://github.com/alles-klar))
-* Dubravko Sever ([@dsever](https://github.com/dsever))
 * Charles Neill ([@cneill](https://github.com/cneill) | [@ccneill](https://twitter.com/ccneill))
 * Jay Paz ([@jjpaz](https://twitter.com/jjpaz))
 * Blake Owens ([@blakeaowens](https://github.com/blakeaowens))
 
 ## Hall of Fame
-
+* Jannik Jürgens ([@alles-klar](https://github.com/alles-klar)) - Jannik was a long time contributor and moderator for 
+  DefectDojo and made significant contributions to many areas of the platform. Jannik was instrumental in pioneering 
+  and optimizing deployment methods.
 * Valentijn Scholten ([@valentijnscholten](https://github.com/valentijnscholten) |
   [Sponsor](https://github.com/sponsors/valentijnscholten) |
   [LinkedIn](https://www.linkedin.com/in/valentijn-scholten/)) - Valentijn served as a core moderator for 3 years.

components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.39.0",
+  "version": "2.39.1",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

dojo/__init__.py

@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa: F401
 
-__version__ = "2.39.0"
+__version__ = "2.39.1"
 __url__ = "https://github.com/DefectDojo/django-DefectDojo"
 __docs__ = "https://documentation.defectdojo.com"

dojo/api_v2/views.py

@@ -1517,6 +1517,7 @@ class JiraProjectViewSet(
         "jira_instance",
         "product",
         "engagement",
+        "enabled",
         "component",
         "project_key",
         "push_all_issues",

dojo/db_migrations/0217_jira_project_enabled.py

@@ -0,0 +1,18 @@
+# Generated by Django 5.0.8 on 2024-10-10 17:07
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dojo', '0216_alter_jira_project_push_all_issues'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='jira_project',
+            name='enabled',
+            field=models.BooleanField(blank=True, default=True, help_text='When disabled, Findings will no longer be pushed to Jira, even if they have already been pushed previously.', verbose_name='Enable Connection With Jira Project'),
+        ),
+    ]

dojo/fixtures/defect_dojo_sample_data.json

@@ -35210,6 +35210,7 @@
         "engagement": null,
         "component": "",
         "push_all_issues": false,
+        "enabled": true,
         "enable_engagement_epic_mapping": true,
         "push_notes": false,
         "product_jira_sla_notification": false,
@@ -35227,6 +35228,7 @@
         "engagement": null,
         "component": "",
         "push_all_issues": true,
+        "enabled": true,
         "enable_engagement_epic_mapping": true,
         "push_notes": true,
         "product_jira_sla_notification": false,
@@ -35244,6 +35246,7 @@
         "engagement": null,
         "component": "",
         "push_all_issues": false,
+        "enabled": true,
         "enable_engagement_epic_mapping": false,
         "push_notes": false,
         "product_jira_sla_notification": false,

dojo/forms.py

@@ -2425,7 +2425,7 @@ def clean(self):
         return self.cleaned_data
 
 
-class JIRAForm(BaseJiraForm):
+class AdvancedJIRAForm(BaseJiraForm):
     issue_template_dir = forms.ChoiceField(required=False,
                                        choices=JIRA_TEMPLATE_CHOICES,
                                        help_text="Choose the folder containing the Django templates used to render the JIRA issue description. These are stored in dojo/templates/issue-trackers. Leave empty to use the default jira_full templates.")
@@ -2445,8 +2445,11 @@ class Meta:
         exclude = [""]
 
 
-class ExpressJIRAForm(BaseJiraForm):
+class JIRAForm(BaseJiraForm):
     issue_key = forms.CharField(required=True, help_text="A valid issue ID is required to gather the necessary information.")
+    issue_template_dir = forms.ChoiceField(required=False,
+                                       choices=JIRA_TEMPLATE_CHOICES,
+                                       help_text="Choose the folder containing the Django templates used to render the JIRA issue description. These are stored in dojo/templates/issue-trackers. Leave empty to use the default jira_full templates.")
 
     class Meta:
         model = JIRA_Instance
@@ -2856,7 +2859,7 @@ class JIRAProjectForm(forms.ModelForm):
     class Meta:
         model = JIRA_Project
         exclude = ["product", "engagement"]
-        fields = ["inherit_from_product", "jira_instance", "project_key", "issue_template_dir", "epic_issue_type_name", "component", "custom_fields", "jira_labels", "default_assignee", "add_vulnerability_id_to_jira_label", "push_all_issues", "enable_engagement_epic_mapping", "push_notes", "product_jira_sla_notification", "risk_acceptance_expiration_notification"]
+        fields = ["inherit_from_product", "jira_instance", "project_key", "issue_template_dir", "epic_issue_type_name", "component", "custom_fields", "jira_labels", "default_assignee", "enabled", "add_vulnerability_id_to_jira_label", "push_all_issues", "enable_engagement_epic_mapping", "push_notes", "product_jira_sla_notification", "risk_acceptance_expiration_notification"]
 
     def __init__(self, *args, **kwargs):
         from dojo.jira_link import helper as jira_helper
@@ -2894,6 +2897,7 @@ def __init__(self, *args, **kwargs):
                 self.fields["custom_fields"].disabled = False
                 self.fields["default_assignee"].disabled = False
                 self.fields["jira_labels"].disabled = False
+                self.fields["enabled"].disabled = False
                 self.fields["add_vulnerability_id_to_jira_label"].disabled = False
                 self.fields["push_all_issues"].disabled = False
                 self.fields["enable_engagement_epic_mapping"].disabled = False
@@ -2918,6 +2922,7 @@ def __init__(self, *args, **kwargs):
                     self.initial["custom_fields"] = jira_project_product.custom_fields
                     self.initial["default_assignee"] = jira_project_product.default_assignee
                     self.initial["jira_labels"] = jira_project_product.jira_labels
+                    self.initial["enabled"] = jira_project_product.enabled
                     self.initial["add_vulnerability_id_to_jira_label"] = jira_project_product.add_vulnerability_id_to_jira_label
                     self.initial["push_all_issues"] = jira_project_product.push_all_issues
                     self.initial["enable_engagement_epic_mapping"] = jira_project_product.enable_engagement_epic_mapping
@@ -2933,6 +2938,7 @@ def __init__(self, *args, **kwargs):
                     self.fields["custom_fields"].disabled = True
                     self.fields["default_assignee"].disabled = True
                     self.fields["jira_labels"].disabled = True
+                    self.fields["enabled"].disabled = True
                     self.fields["add_vulnerability_id_to_jira_label"].disabled = True
                     self.fields["push_all_issues"].disabled = True
                     self.fields["enable_engagement_epic_mapping"].disabled = True

dojo/home/views.py

@@ -33,7 +33,7 @@ def dashboard(request: HttpRequest) -> HttpResponse:
 
     date_range = [today - timedelta(days=6), today]  # 7 days (6 days plus today)
     finding_count = findings\
-        .filter(created__date__range=date_range)\
+        .filter(date__range=date_range)\
         .count()
     mitigated_count = findings\
         .filter(mitigated__date__range=date_range)\

dojo/jira_link/helper.py

@@ -71,11 +71,12 @@ def is_jira_configured_and_enabled(obj):
     if not is_jira_enabled():
         return False
 
-    if get_jira_project(obj) is None:
+    jira_project = get_jira_project(obj)
+    if jira_project is None:
         logger.debug('JIRA project not found for: "%s" not doing anything', obj)
         return False
 
-    return True
+    return jira_project.enabled
 
 
 def is_push_to_jira(instance, push_to_jira_parameter=None):
@@ -88,6 +89,10 @@ def is_push_to_jira(instance, push_to_jira_parameter=None):
     if push_to_jira_parameter is not None:
         return push_to_jira_parameter
 
+    # Check to see if jira project is disabled to prevent pushing findings
+    if not jira_project.enabled:
+        return False
+
     # push_to_jira was not specified, so look at push_all_issues in JIRA_Project
     return jira_project.push_all_issues
 
@@ -96,8 +101,10 @@ def is_push_all_issues(instance):
     if not is_jira_configured_and_enabled(instance):
         return False
 
-    jira_project = get_jira_project(instance)
-    if jira_project:
+    if jira_project := get_jira_project(instance):
+        # Check to see if jira project is disabled to prevent pushing findings
+        if not jira_project.enabled:
+            return None
         return jira_project.push_all_issues
     return None
 
@@ -108,9 +115,13 @@ def is_push_all_issues(instance):
 # returns True/False, error_message, error_code
 def can_be_pushed_to_jira(obj, form=None):
     # logger.debug('can be pushed to JIRA: %s', finding_or_form)
-    if not get_jira_project(obj):
+    jira_project = get_jira_project(obj)
+    if not jira_project:
         return False, f"{to_str_typed(obj)} cannot be pushed to jira as there is no jira project configuration for this product.", "error_no_jira_project"
 
+    if not jira_project.enabled:
+        return False, f"{to_str_typed(obj)} cannot be pushed to jira as the jira project is not enabled.", "error_no_jira_project"
+
     if not hasattr(obj, "has_jira_issue"):
         return False, f"{to_str_typed(obj)} cannot be pushed to jira as there is no jira_issue attribute.", "error_no_jira_issue_attribute"
 
@@ -1389,6 +1400,13 @@ def add_comment(obj, note, force_push=False, **kwargs):
 
 def add_simple_jira_comment(jira_instance, jira_issue, comment):
     try:
+        jira_project = get_jira_project(jira_issue)
+
+        # Check to see if jira project is disabled to prevent pushing findings
+        if not jira_project.enabled:
+            log_jira_generic_alert("JIRA Project is disabled", "Push to JIRA for Epic skipped because JIRA Project is disabled")
+            return False
+
         jira = get_jira_connection(jira_instance)
 
         jira.add_comment(
@@ -1403,9 +1421,13 @@ def add_simple_jira_comment(jira_instance, jira_issue, comment):
 def finding_link_jira(request, finding, new_jira_issue_key):
     logger.debug("linking existing jira issue %s for finding %i", new_jira_issue_key, finding.id)
 
-    existing_jira_issue = jira_get_issue(get_jira_project(finding), new_jira_issue_key)
-
     jira_project = get_jira_project(finding)
+    existing_jira_issue = jira_get_issue(jira_project, new_jira_issue_key)
+
+    # Check to see if jira project is disabled to prevent pushing findings
+    if not jira_project.enabled:
+        add_error_message_to_response("Push to JIRA for finding skipped because JIRA Project is disabled")
+        return False
 
     if not existing_jira_issue:
         raise ValueError("JIRA issue not found or cannot be retrieved: " + new_jira_issue_key)
@@ -1433,9 +1455,13 @@ def finding_link_jira(request, finding, new_jira_issue_key):
 def finding_group_link_jira(request, finding_group, new_jira_issue_key):
     logger.debug("linking existing jira issue %s for finding group %i", new_jira_issue_key, finding_group.id)
 
-    existing_jira_issue = jira_get_issue(get_jira_project(finding_group), new_jira_issue_key)
-
     jira_project = get_jira_project(finding_group)
+    existing_jira_issue = jira_get_issue(jira_project, new_jira_issue_key)
+
+    # Check to see if jira project is disabled to prevent pushing findings
+    if not jira_project.enabled:
+        add_error_message_to_response("Push to JIRA for group skipped because JIRA Project is disabled")
+        return False
 
     if not existing_jira_issue:
         raise ValueError("JIRA issue not found or cannot be retrieved: " + new_jira_issue_key)

dojo/jira_link/urls.py

@@ -8,7 +8,8 @@
     re_path(r"^jira/webhook/(?P<secret>[\w-]+)$", views.webhook, name="jira_web_hook_secret"),
     re_path(r"^jira/webhook/", views.webhook, name="jira_web_hook"),
     re_path(r"^jira/add", views.NewJiraView.as_view(), name="add_jira"),
+    re_path(r"^jira/advanced", views.AdvancedJiraView.as_view(), name="add_jira_advanced"),
     re_path(r"^jira/(?P<jid>\d+)/edit$", views.EditJiraView.as_view(), name="edit_jira"),
     re_path(r"^jira/(?P<tid>\d+)/delete$", views.DeleteJiraView.as_view(), name="delete_jira"),
     re_path(r"^jira$", views.ListJiraView.as_view(), name="jira"),
-    re_path(r"^jira/express", views.ExpressJiraView.as_view(), name="express_jira")]
+]