From 4f97bc3b8c1729f5fcd15162e7639591d5a853a8 Mon Sep 17 00:00:00 2001
From: Eugeniu David
Date: Mon, 11 Mar 2024 11:07:30 +0100
Subject: [PATCH 1/3] Add support for more GIT SCMs

---
 dojo/models.py | 53 ++++++++++++---------------------
 unittests/test_finding_model.py | 47 +++++++++++++++++++++++++++++
 2 files changed, 66 insertions(+), 34 deletions(-)

diff --git a/dojo/models.py b/dojo/models.py
index 362ec399b69..6db0af501d1 100755
--- a/dojo/models.py
+++ b/dojo/models.py
@@ -3150,33 +3150,34 @@ def get_scm_type(self):
 st = dojo_meta.value.strip()
 if st:
 return st.lower()
- return 'github'
+ return ''
- def bitbucket_public_prepare_scm_base_link(self, uri):
- # bitbucket public (https://bitbucket.org) url template for browse is:
- # https://bitbucket.org//
+ def scm_public_prepare_base_link(self, uri):
+ # scm public (https://scm-domain.org) url template for browse is:
+ # https://scm-domain.org//
 # but when you get repo url for git, its template is:
- # https://bitbucket.org//.git
+ # https://scm-domain.org//.git
 # so to create browser url - git url should be recomposed like below:
 parts_uri = uri.split('.git')
 return parts_uri[0]
- def bitbucket_public_prepare_scm_link(self, uri):
+ def git_public_prepare_scm_link(self, uri, scm_type):
 # if commit hash or branch/tag is set for engagement/test
- # hash or branch/tag should be appended to base browser link
+ intermediate_path = '/blob/' if scm_type in ['github', 'gitlab'] else '/src/'
- link = self.bitbucket_public_prepare_scm_base_link(uri)
+ link = self.scm_public_prepare_base_link(uri)
 if self.test.commit_hash:
- link += '/src/' + self.test.commit_hash + '/' + self.file_path
+ link += intermediate_path + self.test.commit_hash + '/' + self.file_path
 elif self.test.engagement.commit_hash:
- link += '/src/' + self.test.engagement.commit_hash + '/' + self.file_path
+ link += intermediate_path + self.test.engagement.commit_hash + '/' + self.file_path
 elif self.test.branch_tag:
- link += '/src/' + self.test.branch_tag + '/' + self.file_path
+ link += intermediate_path + self.test.branch_tag + '/' + self.file_path
 elif self.test.engagement.branch_tag:
- link += '/src/' + self.test.engagement.branch_tag + '/' + self.file_path
+ link += intermediate_path + self.test.engagement.branch_tag + '/' + self.file_path
 else:
- link += '/src/master/' + self.file_path
+ link += intermediate_path + 'master/' + self.file_path
 return link
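Review bot: `scm_public_prepare_base_link` now serves GitHub, GitLab, Gitea and Codeberg as well as Bitbucket, but `uri.split('.git')` cuts at the first `.git` anywhere in the URI rather than only a trailing clone suffix, so a repository name like `user.github.io` (constructed example) is truncated to `user` before the browse path is appended. A suffix check matches what the comment describes: `return uri[:-4] if uri.endswith('.git') else uri`. The `else` branch also hard-codes `'master/'` for every SCM, where the removed `github_prepare_scm_link` appended only the file path; repositories whose default branch is not `master` get a link that may not resolve, which deserves a comment such as `# NOTE: no default-branch detection; falls back to 'master' when neither commit nor branch/tag is set`. For `'gitlab'` the `/blob/` segment appears to be GitLab's legacy route (its current browse path is `/-/blob/`), which is worth confirming. Both methods belong to a class whose definition lies outside the hunk.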
@@ -3218,22 +3219,6 @@ def bitbucket_standalone_prepare_scm_link(self, uri):
 return link
- def github_prepare_scm_link(self, uri):
- link = uri
-
- if self.test.commit_hash:
- link += '/blob/' + self.test.commit_hash + '/' + self.file_path
- elif self.test.engagement.commit_hash:
- link += '/blob/' + self.test.engagement.commit_hash + '/' + self.file_path
- elif self.test.branch_tag:
- link += '/blob/' + self.test.branch_tag + '/' + self.file_path
- elif self.test.engagement.branch_tag:
- link += '/blob/' + self.test.engagement.branch_tag + '/' + self.file_path
- else:
- link += '/' + self.file_path
-
- return link
-
 def get_file_path_with_raw_link(self):
 if self.file_path is None:
 return None
@@ -3241,12 +3226,12 @@ def get_file_path_with_raw_link(self):
 link = self.test.engagement.source_code_management_uri
 scm_type = self.get_scm_type()
 if (self.test.engagement.source_code_management_uri is not None):
- if scm_type == 'github' or ("https://github.com/" in self.test.engagement.source_code_management_uri):
- link = self.github_prepare_scm_link(link)
- elif scm_type == 'bitbucket-standalone':
+ if scm_type == 'bitbucket-standalone':
 link = self.bitbucket_standalone_prepare_scm_link(link)
- elif scm_type == 'bitbucket':
- link = self.bitbucket_public_prepare_scm_link(link)
+ elif scm_type in ['github', 'gitlab', 'gitea', 'codeberg', 'bitbucket']:
+ link = self.git_public_prepare_scm_link(link, scm_type)
+ elif 'https://github.com/' in self.test.engagement.source_code_management_uri:
+ link = self.git_public_prepare_scm_link(link, 'github')
 else:
 link += '/' + self.file_path
 else:
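Review bot: Because `get_scm_type` now returns `''` rather than `'github'` (first hunk of this patch), a product with no `scm-type` metadata and a URI that does not contain `https://github.com/` no longer reaches `git_public_prepare_scm_link`; it falls through to `link += '/' + self.file_path`, so a self-hosted GitHub instance that relied on the previous default loses the `/blob/<ref>/` segment here and the `#L` line anchor in the next hunk. The docs hunk in the third patch still says `or nothing (for default github)`, so either the default change is intended and that line should be updated, or `get_scm_type` should keep returning `'github'`. The github.com substring test is also repeated in this hunk and the next; normalising once after `scm_type = self.get_scm_type()` with `if not scm_type and 'https://github.com/' in self.test.engagement.source_code_management_uri: scm_type = 'github'` lets both dispatches check `scm_type` alone, and `startswith` would be a sharper host test than containment. `get_file_path_with_raw_link` continues beyond the hunk.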
@@ -3254,7 +3239,7 @@ def get_file_path_with_raw_link(self):
 # than - add line part to browser url
 if self.line:
- if scm_type == 'github' or scm_type == 'gitlab':
+ if scm_type in ['github', 'gitlab', 'gitea', 'codeberg'] or 'https://github.com/' in self.test.engagement.source_code_management_uri:
 link = link + '#L' + str(self.line)
 elif scm_type == 'bitbucket-standalone':
 link = link + '#' + str(self.line)
diff --git a/unittests/test_finding_model.py b/unittests/test_finding_model.py
index e6053dcd916..e9f89898865 100644
--- a/unittests/test_finding_model.py
+++ b/unittests/test_finding_model.py
@@ -211,6 +211,53 @@ def test_get_file_path_with_link_and_source_code_management_uri_bitbucket_standa
 self.assertEqual('some-folder/some-file.ext', finding.get_file_path_with_link())
+ def test_get_file_path_with_link_and_source_code_management_uri_gitea_or_codeberg_project_with_no_details_and_line(self):
+ # checks that for gitea and codeberg in custom field
+ # dojo makes correct url
+
+ # create scm-type custom field with value "gitea"
+ product_type = self.create_product_type('test_product_type')
+ product = self.create_product(name='test_product', prod_type=product_type)
+ product_metadata = DojoMeta(product=product, name="scm-type", value="gitea")
+ product_metadata.save()
+
+ # create finding with scm uri line
+ test = Test()
+ engagement = Engagement()
+ engagement.product = product
+ test.engagement = engagement
+ finding = Finding()
+ finding.test = test
+ finding.file_path = 'some-folder/some-file.ext'
+ finding.line = 5432
+
+ engagement.source_code_management_uri = 'https://bb.example.com/some-test-user/some-test-repo.git'
+ self.assertEqual('some-folder/some-file.ext', finding.get_file_path_with_link())
+
+ def test_get_file_path_with_link_and_source_code_management_uri_gitea_or_codeberg_project_with_commithash_and_line(self):
+ # checks that for gitea and codeberg in custom field and existing commit hash in finding
+ # dojo makes correct url
+
+ # create scm-type custom field with value "gitea"
+ product_type = self.create_product_type('test_product_type')
+ product = self.create_product(name='test_product', prod_type=product_type)
+ product_metadata = DojoMeta(product=product, name="scm-type", value="gitea")
+ product_metadata.save()
+
+ # create finding with scm uri and commit hash, branch and line
+ test = Test()
+ engagement = Engagement()
+ engagement.product = product
+ test.engagement = engagement
+ engagement.commit_hash = "some-commit-hash"
+ finding = Finding()
+ finding.test = test
+ finding.file_path = 'some-folder/some-file.ext'
+ finding.line = 5432
+
+ engagement.source_code_management_uri = 'https://bb.example.com/some-test-user/some-test-repo.git'
+ self.assertEqual('some-folder/some-file.ext', finding.get_file_path_with_link())
+
 def test_get_file_path_with_xss_attack(self):
 test = Test()
 engagement = Engagement()

From 83f9fa6cbdc890e2bb6c566c18b3347988faee5c Mon Sep 17 00:00:00 2001
From: Eugeniu David
Date: Mon, 11 Mar 2024 11:25:29 +0100
Subject: [PATCH 2/3] fix flake8 issue

---
 dojo/models.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dojo/models.py b/dojo/models.py
index 6db0af501d1..0862cd14c1d 100755
--- a/dojo/models.py
+++ b/dojo/models.py
@@ -3177,7 +3177,7 @@ def git_public_prepare_scm_link(self, uri, scm_type):
 elif self.test.engagement.branch_tag:
 link += intermediate_path + self.test.engagement.branch_tag + '/' + self.file_path
 else:
- link += intermediate_path + 'master/' + self.file_path
+ link += intermediate_path + 'master/' + self.file_path
 return link

From 831c601ea98ce220ea2e1f8c8f260e98ba558dfc Mon Sep 17 00:00:00 2001
From: Eugeniu David
Date: Thu, 14 Mar 2024 15:59:00 +0100
Subject: [PATCH 3/3] docs: added other supported SCM to the documentation

---
 docs/content/en/integrations/source-code-repositories.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/content/en/integrations/source-code-repositories.md b/docs/content/en/integrations/source-code-repositories.md
index 7b7f5f04671..99f5d386b2d 100644
--- a/docs/content/en/integrations/source-code-repositories.md
+++ b/docs/content/en/integrations/source-code-repositories.md
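Review bot: Neither new test exercises the behavior the patch changes most: both set `scm-type` to `gitea`, while `codeberg` (named in both test method names) and the new default path — a product with no `scm-type` row and a URI that is not on github.com — are untested, even though `get_scm_type` now returns `''` instead of `'github'` for that case. The comment `# create finding with scm uri and commit hash, branch and line` in the second test does not match its body, which sets only `engagement.commit_hash`; `# create finding with scm uri, commit hash and line` would be accurate. A case with `value="codeberg"` and one with no `DojoMeta` row and a github.com URI would cover the remaining dispatch branches in `get_file_path_with_raw_link`. The enclosing test class starts outside the hunk.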
@@ -24,7 +24,7 @@ For Interactive Engagement it needs to be the URL including the branch:
 For CI/CD Engagement, where user could set commit hash, branch/tag and code line it should look like examples below:
 - for GitHub - like https://github.com/DefectDojo/django-DefectDojo
 - for GitLab - like https://gitlab.com/gitlab-org/gitlab
-- for public BitBucket - like https://bitbucket.org/some-user/some-project.git (like git clone url)
+- for public BitBucket, Gitea and Codeberg - like https://bitbucket.org/some-user/some-project.git (like git clone url)
 - for standalone/onpremise BitBucket https://bb.example.com/scm/some-project.git or https://bb.example.com/scm/some-user-name/some-repo.git for user public repo (like git clone url)
 If user does not set commit hash or branch/tag in appropriate fields of CI/CD Engagement edit form, the URL should look like in Interactive Engagement edit form.
@@ -39,7 +39,7 @@ Product SCM type add:
 ![Product scm type](../../../static/images/product-scm-type_1.png)
-Possible SCM types could be 'github', 'gitlab', 'bitbucket', 'bitbucket-standalone' or nothing (for default github).
+Possible SCM types could be 'github', 'gitlab', 'bitbucket', 'bitbucket-standalone', 'gitea', 'codeberg' or nothing (for default github).
 ## Link in Finding