Quotes

Author: kiblik

dojo/templates/notifications/webhooks/subtemplates/base.tpl

@@ -1,14 +1,14 @@
 {% load display_tags %}
 ---
-description: "{{ description | default_if_none:'' }}"
-title: "{{ title | default_if_none:'' }}"
-user: {{ user | default_if_none:'' }}
+description: "{{ description | default_if_none:'' | tojson }}"
+title: "{{ title | default_if_none:'' | tojson }}"
+user: {{ user | default_if_none:'' | tojson }}
 {% if url %}
-url_ui:  {{ url|full_url }}
+url_ui:  {{ url | full_url | tojson }}
 {% endif %}
 {% if url_api %}
-url_api:  {{ url_api|full_url }}
+url_api:  {{ url_api | full_url | tojson }}
 {% endif %}
 {% if system_settings.disclaimer_notifications and system_settings.disclaimer_notifications.strip %}
-disclaimer:  {{ system_settings.disclaimer_notifications }}
+disclaimer:  {{ system_settings.disclaimer_notifications | tojson }}
 {% endif %}

dojo/templates/notifications/webhooks/subtemplates/engagement.tpl

@@ -7,7 +7,7 @@
 {% url 'view_engagement' engagement.id as engagement_url_ui %}
 {% url 'engagement-detail' engagement.id as engagement_url_api %}
 engagement:
-    name: {{ engagement.name | default_if_none:'' }}
+    name: {{ engagement.name | default_if_none:'' | tojson }}
     id: {{ engagement.pk }}
-    url_ui: {{ engagement_url_ui|full_url }}
-    url_api: {{ engagement_url_api|full_url }}
+    url_ui: {{ engagement_url_ui | full_url | tojson }}
+    url_api: {{ engagement_url_api | full_url | tojson }}

dojo/templates/notifications/webhooks/subtemplates/findings_list.tpl

@@ -3,10 +3,10 @@
 {% url 'view_finding' finding.id as finding_url_ui %}
 {% url 'finding-detail' finding.id as finding_url_api %}
     - id: {{ finding.pk }}
-      title: {{ finding.title | default_if_none:'' }}
-      severity: {{ finding.severity | default_if_none:'' }}
-      url_ui: {{ finding_url_ui|full_url }}
-      url_api: {{ finding_url_api|full_url }}
+      title: {{ finding.title | default_if_none:'' | tojson }}
+      severity: {{ finding.severity | default_if_none:'' | tojson }}
+      url_ui: {{ finding_url_ui | full_url | tojson }}
+      url_api: {{ finding_url_api | full_url | tojson }}
 {% empty %}
     []
 {% endfor %}

dojo/templates/notifications/webhooks/subtemplates/product.tpl

@@ -7,7 +7,7 @@
 {% url 'view_product' product.id as product_url_ui %}
 {% url 'product-detail' product.id as product_url_api %}
 product:
-    name: {{ product.name | default_if_none:'' }}
+    name: {{ product.name | default_if_none:'' | tojson }}
     id: {{ product.pk }}
-    url_ui: {{ product_url_ui|full_url }}
-    url_api: {{ product_url_api|full_url }}
+    url_ui: {{ product_url_ui | full_url | tojson }}
+    url_api: {{ product_url_api | full_url | tojson }}

dojo/templates/notifications/webhooks/subtemplates/product_type.tpl

@@ -2,7 +2,7 @@
 {% url 'view_product_type' product_type.id as product_type_url_ui %}
 {% url 'product_type-detail' product_type.id as product_type_url_api %}
 product_type:
-    name: {{ product_type.name | default_if_none:'' }}
+    name: {{ product_type.name | default_if_none:'' | tojson }}
     id: {{ product_type.pk }}
-    url_ui: {{ product_type_url_ui|full_url }}
-    url_api: {{ product_type_url_api|full_url }}
+    url_ui: {{ product_type_url_ui | full_url | tojson }}
+    url_api: {{ product_type_url_api | full_url | tojson }}

dojo/templates/notifications/webhooks/subtemplates/test.tpl

@@ -7,7 +7,7 @@
 {% url 'view_test' test.id as test_url_ui %}
 {% url 'test-detail' test.id as test_url_api %}
 test:
-    title: {{ test.title | default_if_none:'' }}
+    title: {{ test.title | default_if_none:'' | tojson }}
     id: {{ test.pk }}
-    url_ui: {{ test_url_ui|full_url }}
-    url_api: {{ test_url_api|full_url }}
+    url_ui: {{ test_url_ui | full_url | tojson }}
+    url_api: {{ test_url_api | full_url | tojson }}

unittests/test_notifications.py

@@ -923,3 +923,56 @@ def test_events_messages(self, mock):
                     "url_ui": "http://localhost:8080/finding/235",
                 }],
             })
+
+        with self.subTest("scan_added problematic titles"):
+            BaseImporter(
+                environment=Development_Environment.objects.get_or_create(name="Development")[0],
+                scan_type="ZAP Scan",
+            ).notify_scan_added(
+                test,
+                updated_count=4,
+                new_findings=[
+                    Finding.objects.create(test=test, title="Colon: New Finding", severity="Critical"),
+                ],
+                findings_mitigated=[
+                    Finding.objects.create(test=test, title="[Brackets] Mitigated Finding", severity="Medium"),
+                ],
+                findings_reactivated=[
+                    Finding.objects.create(test=test, title='"Quotation1" Reactivated Finding', severity="Low"),
+                ],
+                findings_untouched=[
+                    Finding.objects.create(test=test, title="'Quotation2' Untouched Finding", severity="Info"),
+                ],
+            )
+            self.assertEqual(mock.call_args.kwargs["headers"]["X-DefectDojo-Event"], "scan_added")
+            self.maxDiff = None
+            self.assertEqual(mock.call_args.kwargs["json"]["findings"], {
+                "new": [{
+                    "id": 232,
+                    "title": "Colon: New Finding",
+                    "severity": "Critical",
+                    "url_api": "http://localhost:8080/api/v2/findings/232/",
+                    "url_ui": "http://localhost:8080/finding/232",
+                }],
+                "mitigated": [{
+                    "id": 233,
+                    "title": "[Brackets] Mitigated Finding",
+                    "severity": "Medium",
+                    "url_api": "http://localhost:8080/api/v2/findings/233/",
+                    "url_ui": "http://localhost:8080/finding/233",
+                }],
+                "reactivated": [{
+                    "id": 234,
+                    "title": '"Quotation1" Reactivated Finding',
+                    "severity": "Low",
+                    "url_api": "http://localhost:8080/api/v2/findings/234/",
+                    "url_ui": "http://localhost:8080/finding/234",
+                }],
+                "untouched": [{
+                    "id": 235,
+                    "title": "'Quotation2' Untouched Finding",
+                    "severity": "Info",
+                    "url_api": "http://localhost:8080/api/v2/findings/235/",
+                    "url_ui": "http://localhost:8080/finding/235",
+                }],
+            })