Merge pull request DefectDojo#8813 from DefectDojo/release/2.27.1

Release: Merge release into master from: release/2.27.1
trnayan · Oct 10, 2023 · be2ef1a · be2ef1a
2 parents bef8f14 + ea727d7
commit be2ef1a
Show file tree

Hide file tree

Showing 9 changed files with 107 additions and 24 deletions.
diff --git a/Dockerfile.integration-tests-debian b/Dockerfile.integration-tests-debian
@@ -14,31 +14,43 @@ RUN \
     gpg \
     default-jre-headless \
     jq \
+    apt-file \
+    libnss3 \
+    xvfb \
     && \
   apt-get clean && \
-  rm -rf /var/lib/apt/lists && \
   true
 
-# Installing Google Chrome browser
+RUN pip install --no-cache-dir selenium==4.9.0 requests
+
+# Install the latest Google Chrome stable release
+WORKDIR /opt/chrome
 RUN \
-  curl -sS -o - https://dl.google.com/linux/linux_signing_key.pub | apt-key add && \
-  echo "deb [arch=amd64]  http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list && \
-  apt-get -y update && \
-  apt-get -y install \
-    google-chrome-stable=117.0.5938.132-1 \
-  && \
-  apt-get clean && \
-  rm -rf /var/lib/apt/lists && \
-  true
+  chrome_url=$(curl https://googlechromelabs.github.io/chrome-for-testing/last-known-good-versions-with-downloads.json | jq -r '.channels[] | select(.channel == "Stable") | .downloads.chrome[] | select(.platform == "linux64").url') && \
+  wget $chrome_url && \
+  unzip chrome-linux64.zip && \
+  rm -rf chrome-linux64.zip && \
+  chmod -R 0755 . && \
+  ln -s /opt/chrome/chrome-linux64/chrome /usr/bin/chrome
 
-RUN pip install --no-cache-dir selenium==4.9.0 requests
+# Install the dependencies for Google Chrome
+RUN apt-file update
+COPY docker/install_chrome_dependencies.py install_chrome_dependencies.py
+RUN \
+  missing_chrome_deps=$(python install_chrome_dependencies.py) && \
+  apt-get -y install $missing_chrome_deps
+
+# Install a suggested list of additional packages (https://stackoverflow.com/a/76734752)
+RUN apt-get install -y libxi6 libgconf-2-4 jq libjq1 libonig5 libxkbcommon0 libxss1 libglib2.0-0 libnss3 \
+  libfontconfig1 libatk-bridge2.0-0 libatspi2.0-0 libgtk-3-0 libpango-1.0-0 libgdk-pixbuf2.0-0 libxcomposite1 \
+  libxcursor1 libxdamage1 libxtst6 libappindicator3-1 libasound2 libatk1.0-0 libc6 libcairo2 libcups2 libxfixes3 \
+  libdbus-1-3 libexpat1 libgcc1 libnspr4 libgbm1 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxext6 \
+  libxrandr2 libxrender1 gconf-service ca-certificates fonts-liberation libappindicator1 lsb-release xdg-utils
 
-# Installing Chromedriver
+# Installing the latest stable Google Chrome driver release
 WORKDIR /opt/chrome-driver
 RUN \
-  chrome_version=$(apt-cache show google-chrome-stable | grep Version | awk '{print $2}' | cut -d '-' -f 1) && \
-  chrome_version_blob=$(curl -k https://googlechromelabs.github.io/chrome-for-testing/known-good-versions-with-downloads.json | jq ".versions[] | select(.version==\"$chrome_version\")") && \
-  chromedriver_url=https://edgedl.me.gvt1.com/edgedl/chrome/chrome-for-testing/117.0.5938.92/linux64/chromedriver-linux64.zip && \
+  chromedriver_url=$(curl https://googlechromelabs.github.io/chrome-for-testing/last-known-good-versions-with-downloads.json | jq -r '.channels[] | select(.channel == "Stable") | .downloads.chromedriver[] | select(.platform == "linux64").url') && \
   wget $chromedriver_url && \
   unzip -j chromedriver-linux64.zip chromedriver-linux64/chromedriver && \
   rm -rf chromedriver-linux64.zip && \
@@ -62,4 +74,4 @@ ENV \
   DD_ADMIN_USER=admin \
   DD_ADMIN_PASSWORD='' \
   DD_BASE_URL="http://localhost:8080/"
-CMD ["/entrypoint-integration-tests.sh"]
+CMD ["/entrypoint-integration-tests.sh"]
diff --git a/components/package.json b/components/package.json
@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.27.0",
+  "version": "2.27.1",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

diff --git a/docker/entrypoint-integration-tests.sh b/docker/entrypoint-integration-tests.sh
@@ -23,6 +23,7 @@ if [ $COUNTER -gt 10 ]; then
 fi
 
 export CHROMEDRIVER=$(find /opt/chrome-driver -name chromedriver)
+export CHROME_PATH=/opt/chrome/chrome
 
 # Run available unittests with a simple setup
 # All available Integrationtest Scripts are activated below

diff --git a/docker/install_chrome_dependencies.py b/docker/install_chrome_dependencies.py
@@ -0,0 +1,60 @@
+"""
+This solution is largely based on the Playwright's browser dependencies script at
+https://github.com/microsoft/playwright/blob/main/utils/linux-browser-dependencies/inside_docker/list_dependencies.js
+"""
+
+import subprocess
+
+
+def find_packages(library_name):
+    stdout = run_command(["apt-file", "search", library_name])
+    if not stdout.strip():
+        return []
+    libs = [line.split(":")[0] for line in stdout.strip().split("\n")]
+    return list(set(libs))
+
+
+def run_command(cmd, cwd=None, env=None):
+    result = subprocess.run(cmd, cwd=cwd, env=env, capture_output=True, text=True)
+    return result.stdout
+
+
+def ldd(file_path):
+    stdout = run_command(["ldd", file_path])
+    # For simplicity, I'm assuming if we get an error, the code is non-zero.
+    try:
+        result = subprocess.run(
+            ["ldd", file_path], capture_output=True, text=True
+        )
+        stdout = result.stdout
+        code = result.returncode
+    except subprocess.CalledProcessError:
+        stdout = ""
+        code = 1
+    return stdout, code
+
+
+raw_deps = ldd("/opt/chrome/chrome")
+dependencies = raw_deps[0].splitlines()
+
+missing_deps = {
+    r[0].strip()
+    for d in dependencies
+    for r in [d.split("=>")]
+    if len(r) == 2 and r[1].strip() == "not found"
+}
+
+missing_packages = []
+for d in missing_deps:
+    all_packages = find_packages(d)
+    packages = [
+        p
+        for p in all_packages
+        if not any(
+            p.endswith(suffix) for suffix in ["-dbg", "-test", "tests", "-dev", "-mesa"]
+        )
+    ]
+    for p in packages:
+        missing_packages.append(p)
+
+print(" ".join(missing_packages))
diff --git a/docs/content/en/getting_started/upgrading.md b/docs/content/en/getting_started/upgrading.md
@@ -72,6 +72,10 @@ godojo installations
 
 If you have installed DefectDojo on "iron" and wish to upgrade the installation, please see the [instructions in the repo](https://github.com/DefectDojo/godojo/blob/master/docs-and-scripts/upgrading.md).
 
+## Upgrading to DefectDojo Version 2.27.x.
+
+There are no special instruction for upgrading to 2.27.0. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.27.0) for the contents of the release.
+
 ## Upgrading to DefectDojo Version 2.26.x.
 
 There are no special instruction for upgrading to 2.26.0. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.26.0) for the contents of the release.

diff --git a/dojo/__init__.py b/dojo/__init__.py
@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa
 
-__version__ = '2.27.0'
+__version__ = '2.27.1'
 __url__ = 'https://github.com/DefectDojo/django-DefectDojo'
 __docs__ = 'https://documentation.defectdojo.com'
diff --git a/dojo/templates/dojo/product.html b/dojo/templates/dojo/product.html
@@ -350,8 +350,14 @@ <h3 class="has-filters">
                         'Very Low': 1,
                         'None': 0
                       };
-                      return type === 'sort' ? criticals[getDojoExportValueFromTag(data, 'i', 'data-content')] :
-                            type === 'export' ? getDojoExportValueFromTag(data, 'i', 'data-content') : data;
+                      if (type === 'sort') {
+                        return criticals[getDojoExportValueFromTag(data, 'i', 'data-content')]
+                      } else if (type === 'export') {
+                          return getDojoExportValueFromTag(data, 'i', 'data-content')
+                      } else if (data != undefined||data != null) {
+                          return data
+                      }
+                      return ""
                     }},
                     { "data": "metadata", render: function (data, type, row) {
                             return type === 'export' ? getDojoExportValueFromTag(data, 'i', 'data-content') :  data;

diff --git a/dojo/tools/jfrog_xray_api_summary_artifact/parser.py b/dojo/tools/jfrog_xray_api_summary_artifact/parser.py
@@ -139,7 +139,7 @@ def get_item(
 
     # Add vulnerability ids
     vulnerability_ids = list()
-    if "cve" in cves[0]:
+    if cves and "cve" in cves[0]:
         vulnerability_ids.append(cves[0]["cve"])
     if "issue_id" in vulnerability:
         vulnerability_ids.append(vulnerability["issue_id"])

diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: "2.27.0"
+appVersion: "2.27.1"
 description: A Helm chart for Kubernetes to install DefectDojo
 name: defectdojo
-version: 1.6.89
+version: 1.6.90
 icon: https://www.defectdojo.org/img/favicon.ico
 maintainers:
   - name: madchap