Uploaded File Management: Centralize file serving and bolster error handling

[Maffooch]

The management of file uploads within DefectDojo is inconsistent under a handful of scenarios related to permissions and functionalities. This PR accomplishes the following:

• Unify the logic to create a FileResponse to ensure the same Content-Disposition and naming conventions
• Add some extra checks around permissions of files, and the objects that hold them

[sc-7039]

[dryrunsecurity]

DryRun Security Summary

The pull request focuses on improving the file serving and access control mechanisms in the DefectDojo application, including implementing additional authorization checks, using a more efficient StreamingHttpResponse approach, introducing a custom generate_file_response function, and refactoring the file access logic to enhance the overall security posture of the application.

Expand for full summary

Summary:

The code changes in this pull request focus on improving the file serving and access control mechanisms in the DefectDojo application. The changes across multiple files, including dojo/engagement/views.py, dojo/utils.py, dojo/views.py, and dojo/api_v2/views.py, are aimed at enhancing the security and efficiency of the file download functionality.

Key security improvements include:

1. Implementing additional authorization checks to ensure users can only access files associated with the engagements they have permission to.
2. Using a more efficient StreamingHttpResponse approach to serve file content, which can help prevent issues related to memory consumption or timeouts when downloading large files.
3. Introducing a custom generate_file_response function to handle file serving in a secure and consistent manner, replacing the use of the potentially vulnerable django.views.static.serve function.
4. Refactoring the file access logic to verify the association between files and their corresponding objects, further restricting unauthorized access.

Overall, these changes demonstrate a proactive approach to improving the application's security posture by addressing potential vulnerabilities and enhancing the overall file handling and access control mechanisms.

Files Changed:

1. dojo/engagement/views.py: The changes in this file focus on the download_risk_acceptance function, adding an authorization check to ensure users can only access risk acceptance files associated with the engagements they have permission to. Additionally, the file serving method has been updated to use StreamingHttpResponse for better efficiency.

2. dojo/utils.py: This file has been updated to include the generate_file_response function, which provides a centralized and secure way to generate file responses for the application.

3. dojo/views.py: The changes in this file involve removing the use of the django.views.static.serve function and replacing it with the custom generate_file_response function. This helps to mitigate potential security risks associated with directly exposing files on the server. The file access verification logic has also been improved.

4. dojo/api_v2/views.py: The changes in this file focus on refactoring the download_file function to use the generate_file_response function, ensuring a consistent and secure file download implementation across the application.

Code Analysis

We ran 9 analyzers against 4 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Authn/Authz Analyzer	6 findings

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

[mtesauro]

Approved