{{ finding.title }} {% include "dojo/snippets/tags.html" with tags=finding.tags.all %} {% if finding.last_reviewed %} Last Reviewed {{ finding.last_reviewed | naturalday }} by {{ finding.last_reviewed_by }}, {% else %} Last Reviewed {{ finding.date | naturalday }} by {{ finding.reporter }}, {% endif %} {% if finding.last_status_update %} Last Status Update {{ finding.last_status_update | naturalday }}, {% endif %} Created {% if finding.last_reviewed > finding.created %} {{ finding.created | naturalday }} {% else %} {{ finding.date | naturalday }} {% endif %}
{% endif %}
{% if not cwe_template.cwe and "dojo.add_finding_template"|has_configuration_permission:"staff" %}
Create a CWE Remediation Template
{% endif %}
{% if finding|has_object_permission:"Finding_Edit" and "dojo.view_finding_template"|has_configuration_permission:"staff" %}
Apply Template to Finding
{% endif %}
{% if finding|has_object_permission:"Finding_Edit" %}
{% if finding.mitigated %}
Open Finding
{% else %}
Close Finding
{% endif %}
{% endif %}
{% if finding|has_object_permission:"Risk_Acceptance" %}
{% if finding.risk_accepted %}
Unaccept Risk
{% else %}
{% if not finding.duplicate %}
{% if finding.test.engagement.product.enable_simple_risk_acceptance %}
Accept Risk
{% endif %}
{% if finding.test.engagement.product.enable_full_risk_acceptance %}
Add Risk Acceptance...
{% endif %}
{% endif %}
{% endif %}
{% endif %}
View History
{% if finding|has_object_permission:"Finding_Delete" %}
Delete Finding
{% endif %}
| Alert: This Finding is under review and may not be 100% accurate. {% if dojo_user in finding.reviewers.all or dojo_user == finding.review_requested_by %} [Clear Review] {% endif %} | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Alert: Please review this finding to verify if the defect is remediated. [Review Finding for Closure] | ||||||||||||||||||
| ID | Severity | {% if system_settings.enable_finding_sla %}SLA | {% endif %} {% if finding.scanner_confidence %}Scanner Confidence | {% endif %}Status | {% if finding.risk_acceptance_set.all %}Risk Acceptance | {% endif %} {% if finding.duplicate_finding %}Original | {% endif %} {% if duplicate_cluster and not finding.duplicate %}Duplicates | {% elif duplicate_cluster and finding.duplicate %}Duplicate Cluster | {% endif %}Type | Date discovered | Age | {% if finding.publish_date %}Vuln Publish date | {% endif %}Reporter | {% if finding.mitigated %}Date Mitigated | Mitigated By | {% endif %}CWE | CVE | Found by |
| {{ finding.id }} | {% if finding.severity %} {% if finding.cvssv3 %} {% endif %} {{ finding.severity_display }} {% if finding.cvssv3_score %} ({{ finding.cvssv3_score }}) {% endif %} {% if finding.cvssv3 %} {% endif %} {% else %} Unknown {% endif %} | {% if system_settings.enable_finding_sla %}{{ finding|finding_sla }} | {% endif %} {% if finding.scanner_confidence %}{{finding.get_scanner_confidence_text}} | {% endif %}{% comment %} {% if finding.duplicate %} {% include "dojo/finding_related_actions.html" with similar_finding=finding finding_context=finding intro=finding|finding_display_status|safe %} {% else %} {{ finding|finding_display_status|safe }} {% endif %} {% endcomment %} {{ finding|finding_display_status|safe }} {{ finding|import_history }} | {% if finding.risk_acceptance_set.all %}{% for ra in finding.risk_acceptance_set.all|slice:":5" %} {% endfor %} | {% endif %} {% if finding.duplicate_finding %}{% endif %} {% if duplicate_cluster %} |
{% for duplicate in duplicate_cluster|slice:"5" %}
{% endfor %}
{% if duplicate_cluster|length > 5 %}
...
{% endif %}
|
{% endif %}
{% if finding.static_finding and finding.dynamic_finding > 0 %} Static/Dynamic {% elif finding.static_finding > 0 %} Static {% else %} Dynamic {% endif %} | {{ finding.date }} | {{ finding.age }} days | {% if finding.publish_date %}{{ finding.publish_date }} | {% endif %}{{ finding.reporter }} | {% if finding.mitigated %}{{ finding.mitigated }} | {{ finding.mitigated_by }} | {% endif %}{% if finding.cwe > 0 %} {{ finding.cwe }} {% endif %} | {% if finding.cve|slice:":3" == 'CVE' %}{{ finding.cve }} | {% else %}{{ finding.cve }} | {% endif %}{% for scanner in found_by %} {{ scanner }} {% endfor %} |
| Source Filepath | Source Line Number | Source Object |
|---|---|---|
| {{ finding.get_sast_source_file_path_with_link|safe }} | {{ finding.sast_source_line }} | {{ finding.sast_source_object }} |
| Sink Filepath | Sink Line Number | Sink Object |
|---|---|---|
| {{ finding.get_file_path_with_link|safe }} | {{ finding.line }} | {{ finding.sast_sink_object }} |
| Service | {% endif %} {% if finding.file_path %}Location | {% endif %} {% if finding.line %}Line Number | {% endif %} {% if finding.nb_occurences > 1 %}Nb occurences | {% endif %} {% if finding.component_name %}Component Name | {% endif %} {% if finding.component_version %}Component Version | {% endif %} {% if finding.has_jira_configured or finding.jira_issue %}JIRA | JIRA Change | {% endif %} {% if finding.github_conf_new or finding.github_issue %}GitHub | {% endif %} {% if 'FEATURE_FINDING_GROUPS'|setting_enabled and finding.finding_group %}Group | {% endif %}
|---|---|---|---|---|---|---|---|---|---|
| {{ finding.service }} | {% endif %} {% if finding.file_path %}{{ finding.get_file_path_with_link|safe }} | {% endif %} {% if finding.line %}{{ finding.line }} | {% endif %} {% if finding.nb_occurences > 1 %}{{ finding.nb_occurences }} | {% endif %} {% if finding.component_name %}{{ finding.component_name }} | {% endif %} {% if finding.component_version %}{{ finding.component_version }} | {% endif %} {% if finding.has_jira_configured or finding.has_jira_issue or finding.has_jira_group_issue %}{% if finding.has_jira_group_issue %} {{ finding.finding_group | jira_key }} {% endif %} {% if finding.has_jira_issue %} {{ finding | jira_key }} {% else %} {% if can_be_pushed_to_jira %} {% if not finding.has_jira_group_issue %} None {% comment %} {% endcomment %} {% endif %} {% else %} {% endif %} {% endif %} |
{% if finding.has_jira_group_issue %}
{{ finding.finding_group.jira_issue.jira_change|naturalday }}
{% elif finding.jira_issue %}
{{ finding.jira_issue.jira_change|naturalday }}
{% endif %}
|
{% endif %}
{% if finding.github_conf_new or finding.github_issue %}
{% if finding.github_issue %} #{{ finding.github_issue.issue_id }} {% endif %} | {% endif %} {% if 'FEATURE_FINDING_GROUPS'|setting_enabled and finding.finding_group %}{{ finding.finding_group.name }} | {% endif %}
| Injected Parameter(s) | {% if finding.payload %}Payload | {% endif %}
|---|---|
| {{ finding.param|default_if_none:"" }} | {% if finding.payload %}{{ finding.payload|default_if_none:"" }} | {% endif %}
{% if finding.duplicate_finding %}
{% include "dojo/finding_related_list.html" with finding_context=finding finding_first_related=finding.duplicate_finding finding_list=duplicate_cluster prefix='duplicate' %}
{% else %}
{% include "dojo/finding_related_list.html" with finding_context=finding finding_first_related=finding finding_list=duplicate_cluster prefix='duplicate' %}
{% endif %}
{% url 'view_finding' finding.id as finding_url %}
{% include "dojo/filter_snippet.html" with form=similar_findings_filter.form form_id="similar" clear_js=True restart_link=finding_url %}
{% if similar_findings_filter %}
{% include "dojo/finding_related_list.html" with finding_context=finding finding_list=similar_findings prefix='similar' %}
{% endif %}
{% if files %}
{% endif %}
{% if finding.burprawrequestresponse_set.all %}
{% endif %}
{% if finding.static_finding != True and system_settings.enable_credentials %}
{% if cred_finding or creds %}
{% else %}
{% endif %}
{% endif %}
{% include "dojo/snippets/sonarqube_history.html" with finding=finding only %}
{% include "dojo/snippets/comments.html" with notes=notes object=finding destination="finding" %}
{% for file in files %}
{{ file.title }}
{% endfor %}
Credential {% if not cred_finding and finding|has_object_permission:"Finding_Edit" %} {% if cred_engagement or creds %} {% endif %} {% endif %}
| Name | Username | Role | Environment | Authentication Provider | Login Valid | Actions |
|---|---|---|---|---|---|---|
|
Credential Configured for this Finding
{% if not cred_finding %}
|
||||||
| {{ cred.cred_id.name }} | {{ cred.cred_id.username }} | {{ cred.cred_id.role }} | {{ cred.cred_id.environment }} | {{ cred.is_authn_provider }} | {{ cred.cred_id.is_valid }} | |
| Credentials Inherited from Test: {{ finding.test }} | ||||||
| {{ cred.cred_id.name }} | {{ cred.cred_id.username }} | {{ cred.cred_id.role }} | {{ cred.cred_id.environment }} | {{ cred.is_authn_provider }} | {{ cred.cred_id.is_valid }} | |
No credentials configured. {% if not cred_engagement %} Configure engagement credentials first, then add a credential to the test or finding. {% endif %}
ProTip! Type e to edit any finding, p and n to navigate to the previous or next finding.
{% endblock %}
{% block postscript %}
{{ block.super }}
{% include "dojo/filter_js_snippet.html" %}
{% endblock %}