
Notifications: Convert to classes #11296

Draft: wants to merge 2 commits into base: bugfix

Conversation

Maffooch
Contributor

@Maffooch Maffooch commented Nov 19, 2024

This has been a long time coming 😄

[sc-8894]

DryRun Security Summary

The pull request focuses on improving the notification functionality of the DefectDojo application, including refactoring the notification system to use a modular and extensible architecture, introducing new notification managers for different types of notifications, and enhancing the handling of webhook notifications to improve the security and reliability of the application's notification system.


Summary:

The code changes in this pull request focus on improving the notification functionality of the DefectDojo application, which is an important aspect of application security management. The changes include refactoring the notification system to use a modular and extensible architecture, introducing new notification managers for different types of notifications (Slack, MS Teams, Email, Webhooks, and Alerts), and improving the handling of webhook notifications.

The key security-related improvements include:

  1. Improved Notification Handling: The new NotificationManager and its subclasses provide a more organized and extensible way to handle various types of notifications, making it easier to maintain and extend the notification system.
  2. Enhanced Error Handling and Logging: The changes include better error handling and logging mechanisms, which can help identify and address any issues that may arise during the notification process.
  3. Webhook Monitoring and Reactivation: The WebhookNotificationManger class includes logic to monitor the status of webhook endpoints and automatically reactivate them if they are temporarily unavailable, improving the reliability of the webhook notification system.
  4. Asynchronous Task Execution: The use of Celery tasks for sending notifications ensures that the notification process does not block the main application, improving overall performance and responsiveness.

Overall, the changes in this pull request appear to be focused on improving the security and reliability of the DefectDojo application's notification system, which is an important component of an application security management tool.

Files Changed:

  1. dojo/importers/default_importer.py: The changes in this file are focused on improving the notification functionality when a new test is created or a scan is added, providing more detailed information in the notifications.
  2. dojo/importers/base_importer.py: The changes introduce a new notify_scan_added() function to create notifications when a new scan is added or updated, including details on the findings, engagement, and product information.
  3. dojo/engagement/views.py: The changes update the add_tests function to use the new create_notification function instead of the deprecated notifications_helper.notify_test_created function.
  4. dojo/importers/default_reimporter.py: The changes in this file focus on improving the re-import functionality, including handling of deduplication, mitigated findings, and special status findings, as well as updating the notification system.
  5. dojo/notifications/views.py: The changes in this file are related to the Notification Webhooks functionality, including refactoring, error handling improvements, and the addition of webhook deactivation functionality.
  6. unittests/test_notifications.py: The changes introduce new notification manager classes, update notification triggers and message formats, and add tests for the webhook notification system.
  7. dojo/notifications/helper.py: The changes introduce a new NotificationManager class and its subclasses, which provide a modular and extensible architecture for handling different types of notifications, with improved error handling and webhook monitoring capabilities.

Code Analysis

We ran 9 analyzers against 7 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer: Authn/Authz Analyzer, Findings: 1 finding

Riskiness

🟢 Risk threshold not exceeded.
