Merge branch 'bugfix' into fix/parser-tags-performance

Author: valentijnscholten

components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.57.0-dev",
+  "version": "2.58.0-dev",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

docs/content/supported_tools/parsers/file/invicti.md

@@ -118,7 +118,7 @@ For teams running Invicti Enterprise across multiple applications:
 
 ---
 
-## Sample Scan Data
+### Sample Scan Data
 
 Sample Invicti scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/invicti).
 

dojo/__init__.py

@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa: F401
 
-__version__ = "2.57.0-dev"
+__version__ = "2.57.0"
 __url__ = "https://github.com/DefectDojo/django-DefectDojo"  # noqa: RUF067
 __docs__ = "https://documentation.defectdojo.com"  # noqa: RUF067

dojo/tasks.py

@@ -6,6 +6,7 @@
 from celery.utils.log import get_task_logger
 from django.apps import apps
 from django.conf import settings
+from django.core.exceptions import SuspiciousOperation
 from django.core.management import call_command
 from django.db.models import Count, Prefetch
 from django.urls import reverse
@@ -293,7 +294,37 @@ def update_watson_search_index_for_model(model_name, pk_list, *args, **kwargs):
                 continue
 
         # Let watson handle the bulk indexing
-        context_manager.end()
+        try:
+            context_manager.end()
+        except SuspiciousOperation:
+            # Some finding content (e.g. a very long tag-like string) triggered
+            # Django's strip_tags SuspiciousOperation guard.  Fall back to
+            # per-instance indexing so we can skip the offending object(s)
+            # instead of silently dropping the entire batch.
+            # https://www.djangoproject.com/weblog/2025/may/07/security-releases/
+            # https://github.com/DefectDojo/django-DefectDojo/issues/14649
+            logger.warning(
+                f"Batch watson index update for {model_name} hit SuspiciousOperation; "
+                "falling back to per-instance indexing",
+            )
+            instances_added = 0
+            instances_skipped = 0
+            for instance in instances:
+                single_ctx = SearchContextManager()
+                single_ctx.start()
+                try:
+                    single_ctx.add_to_context(engine, instance)
+                    single_ctx.end()
+                    instances_added += 1
+                except SuspiciousOperation:
+                    logger.warning(
+                        f"Skipping watson index update for {model_name}:{instance.pk} "
+                        "— content triggered SuspiciousOperation in strip_tags",
+                    )
+                    instances_skipped += 1
+                except Exception as e:
+                    logger.warning(f"Skipping watson index update for {model_name}:{instance.pk} - {e}")
+                    instances_skipped += 1
 
         logger.debug(f"Completed async watson index update: {instances_added} updated, {instances_skipped} skipped")
 

helm/defectdojo/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: "2.57.0-dev"
+appVersion: "2.58.0-dev"
 description: A Helm chart for Kubernetes to install DefectDojo
 name: defectdojo
-version: 1.9.21-dev
+version: 1.9.22-dev
 icon: https://defectdojo.com/hubfs/DefectDojo_favicon.png
 maintainers:
   - name: madchap

helm/defectdojo/README.md

@@ -511,7 +511,7 @@ The HELM schema will be generated for you.
 
 # General information about chart values
 
-![Version: 1.9.21-dev](https://img.shields.io/badge/Version-1.9.21--dev-informational?style=flat-square) ![AppVersion: 2.57.0-dev](https://img.shields.io/badge/AppVersion-2.57.0--dev-informational?style=flat-square)
+![Version: 1.9.22-dev](https://img.shields.io/badge/Version-1.9.22--dev-informational?style=flat-square) ![AppVersion: 2.58.0-dev](https://img.shields.io/badge/AppVersion-2.58.0--dev-informational?style=flat-square)
 
 A Helm chart for Kubernetes to install DefectDojo