DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://defectdojo.com
BSD 3-Clause "New" or "Revised" License

Make Titlecase configurable #9241

Open StephanPillhofer opened 8 months ago

StephanPillhofer commented 8 months ago

Problem: DefectDojo currently always applies titlecasing to save the title for findings. This is very inconvenient when working with different languages which do not work with English titlecasing. Therefore the current implementation creates spelling errors which later need to be corrected manually when, for example, creating a report.

Solution: Include a configuration option using an env variable to enable/disable titlecasing.

manuel-sommer commented 7 months ago

I looked into it. This is not very straightforward as this is how models.CharField of Django works by default. What is your opinion @Maffooch? However, I am by far not a Django expert.

StephanPillhofer commented 7 months ago

@manuel-sommer I couldn't find any reference regarding that titlecase is applied by default. Can you maybe post a link?

Also, if it really is the default behaviour, why is the transformation currently done again within the source code of DefectDojo?

Thank you!

kiblik commented 7 months ago

It is not because of the defaults of CharField. It is implemented in the save() function of Finding. But I have no idea why.

https://github.com/DefectDojo/django-DefectDojo/blob/738dca4534382049ca7587a60fb6b33715213943/dojo/models.py#L2978

manuel-sommer commented 7 months ago

Ah, my bad, sorry for the wrong info, I deleted the last comment (misinformation).

kiblik commented 7 months ago

I would maybe propose removal (keep only truncate to 511) and we will see how the community will react.

manuel-sommer commented 7 months ago

Will that change also affect deduplication of findings?

kiblik commented 7 months ago

> Will that change also affect deduplication of findings?

Ufff, it will. And quite a lot :-/

kiblik commented 7 months ago

Maybe making it an option is not that bad an idea.

manuel-sommer commented 7 months ago

Btw: I uploaded cyclonedx files and these were not saved as titlecase. Take a look here: https://github.com/DefectDojo/django-DefectDojo/issues/9474

StephanPillhofer commented 7 months ago

That's strange. Based on the code I would assume titlecasing is always applied when saving a finding.

StephanPillhofer commented 6 months ago

Any update on that matter? @manuel-sommer

At the moment we have to edit the source code every time we update to a new version of DefectDojo.

manuel-sommer commented 6 months ago

Where exactly do you edit the source code to fix the problem? Here?

StephanPillhofer commented 6 months ago

Yes, we just comment out this line.

StephanPillhofer commented 3 months ago

@manuel-sommer

This is a problem for us since our team does not have direct access to the source code to build a custom version of the docker containers and deploy them. A simple if statement to exclude the marked code snippet via docker compose env vars would be great!

manuel-sommer commented 3 months ago

Hi @StephanPillhofer, at the moment I am pretty limited timewise. Thus, could you please do a PR yourself? I guess you already know how to do it.