Merge branch 'enhance-2.2-prs' into 'master'

chrismaddalena · chrismaddalena · commit 042eaa894f66 · 2021-04-30T21:45:05.000Z
Enhancement: Incorporating PRs GhostManager#143, GhostManager#152, and GhostManager#158 See merge request ghostmanager/Ghostwriter!114
diff --git a/DOCS/sample_reports/template.docx b/DOCS/sample_reports/template.docx
diff --git a/compose/local/django/Dockerfile b/compose/local/django/Dockerfile
@@ -47,6 +47,8 @@ RUN chmod +x /seed_data
 
 WORKDIR /app
 
+RUN mkdir -p /app/ghostwriter/media
+
 VOLUME ["/app/ghostwriter/media"]
 
 ENTRYPOINT ["/entrypoint"]
diff --git a/compose/production/django/Dockerfile b/compose/production/django/Dockerfile
@@ -51,6 +51,8 @@ RUN chmod +x /seed_data
 
 RUN mkdir -p /app/staticfiles
 
+RUN mkdir -p /app/ghostwriter/media
+
 RUN chown -R django /app
 
 USER django
diff --git a/ghostwriter/modules/reportwriter.py b/ghostwriter/modules/reportwriter.py
@@ -65,6 +65,25 @@ def filter_severity(findings, allowlist):
     return filtered_values
 
 
+def filter_type(findings, allowlist):
+    """
+    Filter list of findings to return only those with a type in the allowlist.
+
+    **Parameters**
+
+    ``findings``
+        List of dictionary objects (JSON) for findings
+    ``allowlist``
+        List of strings matching severity categories to allow through filter
+    """
+    filtered_values = []
+    allowlist = [type.lower() for type in allowlist]
+    for finding in findings:
+        if finding["finding_type"].lower() in allowlist:
+            filtered_values.append(finding)
+    return filtered_values
+
+
 def strip_html(s):
     """
     Strip HTML tags from the provided HTML while preserving newlines created by
@@ -110,6 +129,7 @@ def prepare_jinja2_env(debug=False):
 
     env = jinja2.Environment(undefined=undefined, extensions=["jinja2.ext.debug"])
     env.filters["filter_severity"] = filter_severity
+    env.filters["filter_type"] = filter_type
     env.filters["strip_html"] = strip_html
     env.filters["compromised"] = compromised
 
@@ -1199,10 +1219,10 @@ def process_text_xml(self, text, finding=None):
         """
         prev_p = None
 
-        # Clean text to make it XML compatible for Office XML
-        text = "".join(c for c in text if self.valid_xml_char_ordinal(c))
-
         if text:
+            # Clean text to make it XML compatible for Office XML
+            text = "".join(c for c in text if self.valid_xml_char_ordinal(c))
+
             # Parse the HTML into a BS4 soup object
             soup = BeautifulSoup(text, "lxml")
 
