Merge branch 'dev' into audit-log

.github/workflows/fetch-oas.yml

@@ -33,7 +33,7 @@ jobs:
              docker images
 
       - name: Start Dojo
-        run: docker compose up --no-deps -d postgres nginx uwsgi
+        run: docker compose up -d postgres nginx uwsgi
         env:
           DJANGO_VERSION: ${{ env.release_version }}-alpine
           NGINX_VERSION: ${{ env.release_version }}-alpine

.github/workflows/integration-tests.yml

@@ -63,21 +63,21 @@ jobs:
         run: ln -s docker-compose.override.integration_tests.yml docker-compose.override.yml
 
       - name: Start Dojo 
-        run: docker compose up --no-deps -d postgres nginx celerybeat celeryworker mailhog uwsgi redis
+        run: docker compose up -d postgres nginx celerybeat celeryworker mailhog uwsgi redis
         env:
           DJANGO_VERSION: ${{ matrix.os }}
           NGINX_VERSION: ${{ matrix.os }}
 
       - name: Initialize
         timeout-minutes: 10
-        run: docker compose up --no-deps --exit-code-from initializer initializer
+        run: docker compose up --exit-code-from initializer initializer
         env:
           DJANGO_VERSION: ${{ matrix.os }}
           NGINX_VERSION: ${{ matrix.os }}
 
       - name: Integration tests
         timeout-minutes: 10
-        run: docker compose up --no-deps --exit-code-from integration-tests integration-tests
+        run: docker compose up --exit-code-from integration-tests integration-tests
         env:
           DD_INTEGRATION_TEST_FILENAME: ${{ matrix.test-case }}
           INTEGRATION_TESTS_VERSION: debian

.github/workflows/rest-framework-tests.yml

@@ -44,7 +44,7 @@ jobs:
       # no celery or initializer needed for unit tests
       - name: Unit tests
         timeout-minutes: 10
-        run: docker compose up --no-deps --exit-code-from uwsgi uwsgi
+        run: docker compose up --exit-code-from uwsgi uwsgi
         env:
           DJANGO_VERSION: ${{ matrix.os }}
 

README.md

@@ -50,12 +50,15 @@ docker-compose features and flags. You can run Compose V2 by replacing the hyphe
 git clone https://github.com/DefectDojo/django-DefectDojo
 cd django-DefectDojo
 
+# Check if your installed toolkit is compatible
+./docker/docker-compose-check.sh
+
 # Building Docker images
-./dc-build.sh
+docker compose build
 
 # Run the application (for other profiles besides postgres-redis see  
 # https://github.com/DefectDojo/django-DefectDojo/blob/dev/readme-docs/DOCKER.md)
-./dc-up-d.sh postgres-redis
+docker compose up -d
 
 # Obtain admin credentials. The initializer can take up to 3 minutes to run.
 # Use docker compose logs -f initializer to track its progress.
@@ -64,17 +67,13 @@ docker compose logs initializer | grep "Admin password:"
 
 ## For Docker Compose V1
 
-You can run Compose V1 by editing the files below to add the hyphen (-) between `docker compose`. 
+You can run Compose V1 by calling `docker-compose` (by adding the hyphen (-) between `docker compose`). 
+
+Following commands are using original version so you might need to adjust them:
 ```sh
-     dc-build.sh
-     dc-down.sh
-     dc-stop.sh
-     dc-unittest.sh
-     dc-up-d.sh
-     dc-up.sh
-     docker/docker-compose-check.sh
-     docker/entrypoint-initializer.sh
-     docker/setEnv.sh
+docker/docker-compose-check.sh
+docker/entrypoint-initializer.sh
+docker/setEnv.sh
 ```
 
 Navigate to `http://localhost:8080` to see your new instance!

docs/content/en/open_source/contributing/how-to-write-a-parser.md

@@ -295,7 +295,7 @@ $ docker compose exec uwsgi bash -c 'python manage.py test unittests.tools.<your
 or like this:
 
 {{< highlight bash >}}
-$ ./dc-unittest.sh --test-case unittests.tools.<your_unittest_py_file>.<main_class_name>
+$ ./run-unittest.sh --test-case unittests.tools.<your_unittest_py_file>.<main_class_name>
 {{< /highlight >}}
 
 Example for the blackduck hub parser:
@@ -307,7 +307,7 @@ $ docker compose exec uwsgi bash -c 'python manage.py test unittests.tools.test_
 or like this:
 
 {{< highlight bash >}}
-$ ./dc-unittest.sh --test-case unittests.tools.test_blackduck_csv_parser.TestBlackduckHubParser
+$ ./run-unittest.sh --test-case unittests.tools.test_blackduck_csv_parser.TestBlackduckHubParser
 {{< /highlight >}}
 
 If you want to run all unit tests, simply run `$ docker-compose exec uwsgi bash -c 'python manage.py test unittests -v2'`

docs/content/en/open_source/upgrading/2.43.md

@@ -2,7 +2,7 @@
 title: 'Upgrading to DefectDojo Version 2.43.x'
 toc_hide: true
 weight: -20250106
-description: Disclaimer field renamed/split.
+description: Disclaimer field renamed/split, removal of `dc-` scripts, audit log updates, and hash codes updates.
 ---
 
 ### Audit log migration
@@ -16,6 +16,12 @@ for making this migration a two step process.
 
 ---
 
+### Removal of "dc" helper scripts
+
+In the past, when DefectDojo supported different database and message brokers, `dc-` scripts have been added to simplify start of Dojo stack. As these backends are not supported, mentioned scripts are not needed anymore. From now we recommend to use standard `docker compose` (or `docker-compose`) commands as they are described on [README.md](https://github.com/DefectDojo/django-DefectDojo/blob/master/README.md)
+
+---
+
 ### Diversification of Disclaimers
 
 [Pull request #10902](https://github.com/DefectDojo/django-DefectDojo/pull/10902) introduced different kinds of disclaimers within the DefectDojo instance. The original content of the disclaimer was copied to all new fields where it had been used until now (so this change does not require any action on the user's side). However, if users were managing the original disclaimer via API (endpoint `/api/v2/system_settings/1/`, field `disclaimer`), be aware that the fields are now called `disclaimer_notifications` and `disclaimer_reports` (plus there is one additional, previously unused field called `disclaimer_notes`).

docs/content/en/open_source/upgrading/_index.md

@@ -41,9 +41,8 @@ The generic upgrade method for docker compose are as follows:
     ```
 
 -   Go to the directory where your docker-compose.yml file lives
--   Stop DefectDojo: `./dc-stop.sh`
--   Re-start DefectDojo, allowing for container recreation:
-    `./dc-up-d.sh`
+-   Stop DefectDojo: `docker compose stop`
+-   Re-start DefectDojo, allowing for container recreation: `docker compose up -d`
 -   Database migrations will be run automatically by the initializer.
     Check the output via `docker compose logs initializer` or relevant k8s command
 -   If you have the initializer disabled (or if you want to be on the

docs/content/en/open_source/upgrading/upgrading_guide.md

@@ -41,9 +41,8 @@ The generic upgrade method for docker compose are as follows:
     ```
 
 -   Go to the directory where your docker-compose.yml file lives
--   Stop DefectDojo: `./dc-stop.sh`
--   Re-start DefectDojo, allowing for container recreation:
-    `./dc-up-d.sh`
+-   Stop DefectDojo: `docker compose stop`
+-   Re-start DefectDojo, allowing for container recreation: `docker compose up -d`
 -   Database migrations will be run automatically by the initializer.
     Check the output via `docker compose logs initializer` or relevant k8s command
 -   If you have the initializer disabled (or if you want to be on the

dojo/forms.py

@@ -2428,7 +2428,7 @@ def get_jira_issue_template_dir_choices():
 
         for dirname in dirnames:
             clean_base_dir = base_dir.removeprefix(settings.TEMPLATE_DIR_PREFIX)
-            template_dir_list.append((os.path.join(clean_base_dir, dirname), dirname))
+            template_dir_list.append((str(Path(clean_base_dir) / dirname), dirname))
 
     logger.debug("templates: %s", template_dir_list)
     return template_dir_list

dojo/jira_link/helper.py

@@ -1,7 +1,6 @@
 import io
 import json
 import logging
-import os
 from pathlib import Path
 from typing import Any
 
@@ -333,8 +332,8 @@ def get_jira_issue_template(obj):
         template_dir = "issue-trackers/jira_full/"
 
     if isinstance(obj, Finding_Group):
-        return os.path.join(template_dir, "jira-finding-group-description.tpl")
-    return os.path.join(template_dir, "jira-description.tpl")
+        return Path(template_dir) / "jira-finding-group-description.tpl"
+    return Path(template_dir) / "jira-description.tpl"
 
 
 def get_jira_creation(obj):

dojo/models.py

@@ -2,7 +2,6 @@
 import copy
 import hashlib
 import logging
-import os
 import re
 import warnings
 from contextlib import suppress
@@ -158,7 +157,7 @@ def __call__(self, model_instance, filename):
             filename += ext
         if self.directory is None:
             return filename
-        return os.path.join(now().strftime(self.directory), filename)
+        return Path(now().strftime(self.directory)) / filename
 
 
 class Regulation(models.Model):

dojo/settings/settings.dist.py

@@ -442,7 +442,7 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param
     # Put strings here, like "/home/html/static" or "C:/www/django/static".
     # Always use forward slashes, even on Windows.
     # Don't forget to use absolute paths, not relative paths.
-    os.path.join(Path(DOJO_ROOT).parent, "components", "node_modules"),
+    Path(DOJO_ROOT).parent / "components" / "node_modules",
 )
 
 # List of finder classes that know how to find static files in
@@ -912,8 +912,6 @@ def saml2_attrib_map_format(dict):
 SAML2_LOGIN_BUTTON_TEXT = env("DD_SAML2_LOGIN_BUTTON_TEXT")
 SAML2_LOGOUT_URL = env("DD_SAML2_LOGOUT_URL")
 if SAML2_ENABLED:
-    from os import path
-
     import saml2
     import saml2.saml
     # SSO_URL = env('DD_SSO_URL')
@@ -949,7 +947,7 @@ def saml2_attrib_map_format(dict):
         "entityid": str(SAML2_ENTITY_ID),
 
         # directory with attribute mapping
-        "attribute_map_dir": path.join(BASEDIR, "attribute-maps"),
+        "attribute_map_dir": Path(BASEDIR) / "attribute-maps",
         # do now discard attributes not specified in attribute-maps
         "allow_unknown_attributes": SAML_ALLOW_UNKNOWN_ATTRIBUTES,
         # this block states what services we provide

dojo/tools/factory.py

@@ -117,7 +117,7 @@ def requires_tool_type(scan_type):
 package_dir = str(Path(__file__).resolve().parent)
 for module_name in os.listdir(package_dir):  # noqa: PTH208
     # check if it's dir
-    if Path(os.path.join(package_dir, module_name)).is_dir():
+    if (Path(package_dir) / module_name).is_dir():
         try:
             # check if it's a Python module
             if find_spec(f"dojo.tools.{module_name}.parser"):

dojo/views.py

@@ -1,5 +1,4 @@
 import logging
-import os
 from pathlib import Path
 
 from auditlog.models import LogEntry
@@ -151,7 +150,7 @@ def manage_files(request, oid, obj_type):
 
             for o in files_formset.deleted_objects:
                 logger.debug("removing file: %s", o.file.name)
-                Path(os.path.join(settings.MEDIA_ROOT, o.file.name)).unlink()
+                (Path(settings.MEDIA_ROOT) / o.file.name).unlink()
 
             for o in files_formset.new_objects:
                 logger.debug("adding file: %s", o.file.name)
@@ -162,7 +161,7 @@ def manage_files(request, oid, obj_type):
                                                      finding__isnull=True)
             for o in orphan_files:
                 logger.debug("purging orphan file: %s", o.file.name)
-                Path(os.path.join(settings.MEDIA_ROOT, o.file.name)).unlink()
+                (Path(settings.MEDIA_ROOT) / o.file.name).unlink()
                 o.delete()
 
             messages.add_message(