Merge pull request DefectDojo#662 from DefectDojo/dev

aaronweaver · web-flow · commit 24f1fa6eb318 · 2018-07-24T20:30:02.000-04:00
Dev
diff --git a/dojo/models.py b/dojo/models.py
@@ -1004,7 +1004,13 @@ class Meta:
         ordering = ('numerical_severity', '-date', 'title')
 
     def get_hash_code(self):
-        hash_string = self.title + self.description + str(self.line) + str(self.file_path)
+        hash_string = self.title + str(self.cwe) + str(self.line) + str(self.file_path)
+
+        if self.dynamic_finding:
+            endpoint_str = ""
+            for e in self.endpoints.all():
+                endpoint_str += str(e)
+            hash_string = endpoint_str
         hash_string = hash_string.decode('utf-8').strip()
         return hashlib.sha256(hash_string.encode('utf-8')).hexdigest()
 
@@ -1137,8 +1143,8 @@ def save(self, dedupe_option=True, rules_option=True, *args, **kwargs):
         if not self.pk:
             from dojo.utils import apply_cwe_to_template
             self = apply_cwe_to_template(self)
-            self.hash_code = self.get_hash_code()
         super(Finding, self).save(*args, **kwargs)
+        self.hash_code = self.get_hash_code()
         self.found_by.add(self.test.test_type)
         if self.test.test_type.static_tool:
             self.static_finding = True
diff --git a/dojo/templates/dojo/view_finding.html b/dojo/templates/dojo/view_finding.html
@@ -495,7 +495,7 @@ <h4>Steps To Reproduce <span class="pull-right"><a data-toggle="collapse" href="
                         class="glyphicon glyphicon-chevron-up"></i></a></span></h4>
             </div>
             <div id="vuln_refs" class="panel-body collapse in">
-                <pre>{{ finding.steps_to_reproduce|markdown_render }}</pre>
+                <pre>{{ finding.steps_to_reproduce|markdown_render|default_if_none:"" }}</pre>
             </div>
         </div>
 
@@ -505,7 +505,7 @@ <h4>Severity Justification <span class="pull-right"><a data-toggle="collapse" hr
                         class="glyphicon glyphicon-chevron-up"></i></a></span></h4>
             </div>
             <div id="vuln_refs" class="panel-body collapse in">
-                <pre>{{ finding.severity_justification|markdown_render }}</pre>
+                <pre>{{ finding.severity_justification|markdown_render|default_if_none:"" }}</pre>
             </div>
         </div>
 
diff --git a/dojo/utils.py b/dojo/utils.py
@@ -58,14 +58,15 @@ def sync_dedupe(new_finding, *args, **kwargs):
     eng_hash_code = Finding.objects.filter(
         test__engagement__product=new_finding.test.engagement.product,
         hash_code=new_finding.hash_code, duplicate=False).exclude(id=new_finding.id)
-    for find in eng_hash_code:
-        new_finding.duplicate = True
-        new_finding.active = False
-        new_finding.verified = False
-        new_finding.duplicate_finding = find
-        find.duplicate_list.add(new_finding)
-        find.found_by.add(new_finding.test.test_type)
-        super(Finding, new_finding).save(*args, **kwargs)
+    if eng_hash_code.count() > 0:
+        for find in eng_hash_code:
+            new_finding.duplicate = True
+            new_finding.active = False
+            new_finding.verified = False
+            new_finding.duplicate_finding = find
+            find.duplicate_list.add(new_finding)
+            find.found_by.add(new_finding.test.test_type)
+            super(Finding, new_finding).save(*args, **kwargs)
     else:
         eng_findings_cwe = Finding.objects.filter(
             test__engagement__product=new_finding.test.engagement.product,
