Skip to content
Permalink
Browse files

Merge pull request #1624 from ptrovatelli/add-nosniff-header

Add nosniff header and other improvments related to installation
  • Loading branch information
devGregA committed Dec 10, 2019
2 parents adcca87 + 08f336b commit 5274bc1e0fb7f84c1a947347228d2b104380ed47
@@ -100,11 +100,9 @@ ENV \
DD_DATABASE_PASSWORD="defectdojo" \
DD_DATABASE_PORT="3306" \
DD_DATABASE_USER="defectdojo" \
DD_SECRET_KEY="hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq" \
DD_CREDENTIAL_AES_256_KEY="&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw" \
DD_INITIALIZE=true \
DD_UWSGI_MODE="socket" \
DD_UWSGI_ENDPOINT="0.0.0.0:3031" \
DD_DJANGO_ADMIN_ENABLED="on" \
DD_TRACK_MIGRATIONS="on"
DD_DJANGO_ADMIN_ENABLED="True" \
DD_TRACK_MIGRATIONS="True"
ENTRYPOINT ["/entrypoint-uwsgi.sh"]
@@ -6,7 +6,7 @@ services:
volumes:
- '.:/app:z'
environment:
DD_DEBUG: 'on'
DD_DEBUG: 'True'
celeryworker:
volumes:
- '.:/app:z'
@@ -6,7 +6,7 @@ services:
volumes:
- '.:/app:z'
environment:
DD_DEBUG: 'on'
DD_DEBUG: 'True'
ports:
- target: 3000
published: 3000
@@ -11,7 +11,7 @@ services:
volumes:
- '.:/app:z'
environment:
DD_DEBUG: 'on'
DD_DEBUG: 'True'
DD_TEST_DATABASE_NAME: ${DD_TEST_DATABASE_NAME:-test_defectdojo}
DD_DATABASE_NAME: ${DD_TEST_DATABASE_NAME:-test_defectdojo}
celerybeat:
@@ -22,11 +22,13 @@ services:
- mysql
entrypoint: ['/wait-for-it.sh', 'mysql:3306', '-t', '30', '--', '/entrypoint-uwsgi.sh']
environment:
DD_DEBUG: 'off'
DD_DEBUG: 'False'
DD_ALLOWED_HOSTS: ${DD_ALLOWED_HOSTS:-*}
DD_DATABASE_URL: ${DD_DATABASE_URL:-mysql://defectdojo:defectdojo@mysql:3306/defectdojo}
DD_CELERY_BROKER_USER: ${DD_CELERY_BROKER_USER:-guest}
DD_CELERY_BROKER_PASSWORD: ${DD_CELERY_BROKER_USER:-guest}
DD_SECRET_KEY: ${DD_SECRET_KEY:-hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq}
DD_CREDENTIAL_AES_256_KEY: ${DD_CREDENTIAL_AES_256_KEY:-&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw}
celerybeat:
image: defectdojo/defectdojo-django:latest
depends_on:
@@ -37,6 +39,8 @@ services:
DD_DATABASE_URL: ${DD_DATABASE_URL:-mysql://defectdojo:defectdojo@mysql:3306/defectdojo}
DD_CELERY_BROKER_USER: ${DD_CELERY_BROKER_USER:-guest}
DD_CELERY_BROKER_PASSWORD: ${DD_CELERY_BROKER_USER:-guest}
DD_SECRET_KEY: ${DD_SECRET_KEY:-hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq}
DD_CREDENTIAL_AES_256_KEY: ${DD_CREDENTIAL_AES_256_KEY:-&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw}
celeryworker:
image: defectdojo/defectdojo-django:latest
depends_on:
@@ -47,6 +51,8 @@ services:
DD_DATABASE_URL: ${DD_DATABASE_URL:-mysql://defectdojo:defectdojo@mysql:3306/defectdojo}
DD_CELERY_BROKER_USER: ${DD_CELERY_BROKER_USER:-guest}
DD_CELERY_BROKER_PASSWORD: ${DD_CELERY_BROKER_USER:-guest}
DD_SECRET_KEY: ${DD_SECRET_KEY:-hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq}
DD_CREDENTIAL_AES_256_KEY: ${DD_CREDENTIAL_AES_256_KEY:-&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw}
initializer:
image: defectdojo/defectdojo-django:latest
depends_on:
@@ -59,6 +65,8 @@ services:
DD_ADMIN_FIRST_NAME: ${DD_ADMIN_FIRST_NAME:-Admin}
DD_ADMIN_LAST_NAME: ${DD_ADMIN_LAST_NAME:-User}
DD_INITIALIZE: ${DD_INITIALIZE:-true}
DD_SECRET_KEY: ${DD_SECRET_KEY:-hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq}
DD_CREDENTIAL_AES_256_KEY: ${DD_CREDENTIAL_AES_256_KEY:-&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw}
mysql:
image: mysql:5.7.27@sha256:540488d8f0e04c1077d17934d1c1511fe417e2221dff508ce4621f5efe6131db
environment:
@@ -17,7 +17,8 @@
DD_SECURE_HSTS_SECONDS=(int, 31536000), # One year expiration
DD_SESSION_COOKIE_SECURE=(bool, False),
DD_CSRF_COOKIE_SECURE=(bool, False),
DD_SECURE_BROWSER_XSS_FILTER=(bool, False),
DD_SECURE_BROWSER_XSS_FILTER=(bool, True),
DD_SECURE_CONTENT_TYPE_NOSNIFF=(bool, True),
DD_TIME_ZONE=(str, 'UTC'),
DD_LANG=(str, 'en-us'),
DD_WKHTMLTOPDF=(str, '/usr/local/bin/wkhtmltopdf'),
@@ -318,6 +319,9 @@ def generate_url(scheme, double_slashes, user, password, host, port, path):
# mode=block header on all responses that do not already have it.
SECURE_BROWSER_XSS_FILTER = env('DD_SECURE_BROWSER_XSS_FILTER')

# If True, the SecurityMiddleware sets the X-Content-Type-Options: nosniff;
SECURE_CONTENT_TYPE_NOSNIFF = env('DD_SECURE_CONTENT_TYPE_NOSNIFF')

# Whether to use HTTPOnly flag on the session cookie.
# If this is set to True, client-side JavaScript will not to be able to access the session cookie.
SESSION_COOKIE_HTTPONLY = env('DD_SESSION_COOKIE_HTTPONLY')
@@ -1,8 +1,8 @@
# Django Debug, don't enable on production!
DD_DEBUG=off
DD_DEBUG=False

# Enables Django Admin
DD_DJANGO_ADMIN_ENABLED=on
DD_DJANGO_ADMIN_ENABLED=True

# A secret key for a particular Django installation.
DD_SECRET_KEY=#DD_SECRET_KEY#
@@ -19,7 +19,7 @@ DD_ALLOWED_HOSTS=#DD_ALLOWED_HOSTS#
# WhiteNoise allows your web app to serve its own static files,
# making it a self-contained unit that can be deployed anywhere without relying on nginx,
# if using nginx then disable Whitenoise
DD_WHITENOISE=on
DD_WHITENOISE=True

# -------------------------------------------------------
# Additional Settings / Override defaults in settings.py
@@ -29,22 +29,25 @@ DD_WHITENOISE=on
# DD_TIME_ZONE=America/New_York

# Track migrations through source control rather than making migrations locally
# DD_TRACK_MIGRATIONS=on
# DD_TRACK_MIGRATIONS=False

# Whether to use HTTPOnly flag on the session cookie.
# DD_SESSION_COOKIE_HTTPONLY=on
# DD_SESSION_COOKIE_HTTPONLY=True

# Whether to use HttpOnly flag on the CSRF cookie.
# DD_CSRF_COOKIE_HTTPONLY=on
# DD_CSRF_COOKIE_HTTPONLY=True

# If True, the SecurityMiddleware redirects all non-HTTPS requests to HTTPS
# DD_SECURE_SSL_REDIRECT=off
# DD_SECURE_SSL_REDIRECT=False

# Whether to use a secure cookie for the CSRF cookie.
# DD_CSRF_COOKIE_SECURE=off
# DD_CSRF_COOKIE_SECURE=False

# If on, the SecurityMiddleware sets the X-XSS-Protection: 1;
# DD_SECURE_BROWSER_XSS_FILTER=on
# If True, the SecurityMiddleware sets the X-XSS-Protection: 1;
# DD_SECURE_BROWSER_XSS_FILTER=True

# If True, the SecurityMiddleware sets the X-Content-Type-Options: nosniff;
# DD_SECURE_CONTENT_TYPE_NOSNIFF=True

# Change the default language set
# DD_LANG=en-us
@@ -46,7 +46,7 @@ def _check_ptvsd_port_not_in_use(port):


ptvsd_port = 3000
if os.environ.get("DD_DEBUG") == "on" and _check_ptvsd_port_not_in_use(ptvsd_port):
if os.environ.get("DD_DEBUG") == "True" and _check_ptvsd_port_not_in_use(ptvsd_port):
try:
# enable remote debugging
import ptvsd
@@ -72,24 +72,25 @@ DEV_ADMIN_PASS="admin"
ADMIN_EMAIL=${ADMIN_EMAIL:-"ed@example.com"}

# Django settings.py vars
DD_DEBUG=${DD_DEBUG:="off"} # Django Debug, defaults to off and should be for production. Can be off or on
DD_DJANGO_ADMIN_ENABLED=${DD_DJANGO_ADMIN_ENABLED:-"on"} # Enables Django Admin, defaults to on - either off or on
DD_DEBUG=${DD_DEBUG:="False"} # Django Debug, defaults to False and should be for production. Can be True or False
DD_DJANGO_ADMIN_ENABLED=${DD_DJANGO_ADMIN_ENABLED:-"True"} # Enables Django Admin, defaults to True - either False or True
DD_SECRET_KEY="GENERATED-DYNAMICALLY-AT-INSTALL-TIME" # A secret key for a particular Django installation.
DD_CREDENTIAL_AES_256_KEY="GENERATED-DYNAMICALLY-AT-INSTALL-TIME" # Key for encrypting credentials in the manager
DD_DATABASE_URL=${DD_DATABASE_URL:-"mysql://dojodbusr:vee0Thoanae1daePooz0ieka@localhost:3306/dojodb"} # Database URL, options: postgres://, mysql://, sqlite://, to use unsafe characters encode with urllib.parse.encode
DD_ALLOWED_HOSTS=${DD_ALLOWED_HOSTS:-"*"} # Hosts/domain names that are valid for this site - Separate accepted hosts with a comma for 2+ hostnames
# WhiteNoise allows your web app to serve its own static files,
# making it a self-contained unit that can be deployed anywhere without relying on nginx,
# if using nginx then disable Whitenoise
DD_WHITENOISE=${DD_WHITENOISE:-"on"} # Valid options: on, off
DD_WHITENOISE=${DD_WHITENOISE:-"True"} # Valid options: True, False
# Additional Settings / Override defaults in settings.py
DD_TIME_ZONE=${DD_TIME_ZONE:-"America/New_York"} # Timezone - default America/New_York
DD_TRACK_MIGRATIONS=${DD_TRACK_MIGRATIONS:-"on"} # Track migrations through source control rather than making migrations locally
DD_SESSION_COOKIE_HTTPONLY=${DD_SESSION_COOKIE_HTTPONLY:-"on"} # Whether to use HTTPOnly flag on the session cookie - either on or off
DD_CSRF_COOKIE_HTTPONLY=${DD_CSRF_COOKIE_HTTPONLY:-"on"} # Whether to use HttpOnly flag on the CSRF cookie - either on or off
DD_SECURE_SSL_REDIRECT=${DD_SECURE_SSL_REDIRECT:-"off"} # If True, the SecurityMiddleware redirects all non-HTTPS requests to HTTPS - either on or off
DD_CSRF_COOKIE_SECURE=${DD_CSRF_COOKIE_SECURE:-"off"} # Whether to use a secure cookie for the CSRF cookie - either on or off
DD_SECURE_BROWSER_XSS_FILTER=${DD_SECURE_BROWSER_XSS_FILTER:-"on"} # If on, the SecurityMiddleware sets the X-XSS-Protection: 1; - either on or off
DD_TRACK_MIGRATIONS=${DD_TRACK_MIGRATIONS:-"True"} # Track migrations through source control rather than making migrations locally
DD_SESSION_COOKIE_HTTPONLY=${DD_SESSION_COOKIE_HTTPONLY:-"True"} # Whether to use HTTPOnly flag on the session cookie - either True or False
DD_CSRF_COOKIE_HTTPONLY=${DD_CSRF_COOKIE_HTTPONLY:-"True"} # Whether to use HttpOnly flag on the CSRF cookie - either True or False
DD_SECURE_SSL_REDIRECT=${DD_SECURE_SSL_REDIRECT:-"False"} # If True, the SecurityMiddleware redirects all non-HTTPS requests to HTTPS - either True or False
DD_CSRF_COOKIE_SECURE=${DD_CSRF_COOKIE_SECURE:-"False"} # Whether to use a secure cookie for the CSRF cookie - either True or False
DD_SECURE_BROWSER_XSS_FILTER=${DD_SECURE_BROWSER_XSS_FILTER:-"True"} # If True, the SecurityMiddleware sets the X-XSS-Protection: 1; - either True or False
DD_SECURE_CONTENT_TYPE_NOSNIFF=${DD_SECURE_CONTENT_TYPE_NOSNIFF:-"True"} # If True, the SecurityMiddleware sets the X-Content-Type-Options: nosniff;
DD_LANG=${DD_LANG:-"en-us"} # Change the default language set
DD_WKHTMLTOPDF=${DD_WKHTMLTOPDF:-"/usr/local/bin/wkhtmltopdf"} # Path to PDF library
DD_TEAM_NAME=${DD_TEAM_NAME:-"Security"} # Security team name, used for outgoing emails
@@ -458,7 +458,7 @@ function prepare_settings_file() {
echo 'DD_ALLOWED_HOSTS="localhost"' >> ${ENV_SETTINGS_FILE}
fi

echo 'DD_DEBUG="on"' >> ${ENV_SETTINGS_FILE}
echo 'DD_DEBUG="True"' >> ${ENV_SETTINGS_FILE}
echo 'DD_SECRET_KEY="'${SECRET}'"' >> ${ENV_SETTINGS_FILE}
echo 'DD_CREDENTIAL_AES_256_KEY="'${AES_PASSPHRASE}'"' >> ${ENV_SETTINGS_FILE}
}
@@ -46,6 +46,9 @@ DD_CSRF_COOKIE_SECURE=#DD_CSRF_COOKIE_SECURE#
# If on, the SecurityMiddleware sets the X-XSS-Protection: 1; - default is on
DD_SECURE_BROWSER_XSS_FILTER=#DD_SECURE_BROWSER_XSS_FILTER#

# If True, the SecurityMiddleware sets the X-Content-Type-Options: nosniff;
DD_SECURE_CONTENT_TYPE_NOSNIFF=#DD_SECURE_CONTENT_TYPE_NOSNIFF#

# Change the default language set - default is en-us
DD_LANG=#DD_LANG#

@@ -213,6 +213,8 @@ function create_dojo_settings() {
sed -i -e 's%#DD_PORT_SCAN_EXTERNAL_UNIT_EMAIL_LIST#%'$DD_PORT_SCAN_EXTERNAL_UNIT_EMAIL_LIST'%' "$ENV_TARGET_FILE"
echo "22"
sed -i -e 's%#DD_PORT_SCAN_SOURCE_IP#%'$DD_PORT_SCAN_SOURCE_IP'%' "$ENV_TARGET_FILE"
echo "23"
sed -i -e 's%#DD_SECURE_CONTENT_TYPE_NOSNIFF#%'$DD_SECURE_CONTENT_TYPE_NOSNIFF'%' "$ENV_TARGET_FILE"
# File paths for settings.py
#sed -i -e 's%#DOJO_ROOT#%'$DOJO_ROOT'%' "$TARGET_SETTINGS_FILE"
#sed -i -e 's%#MEDIA_ROOT#%'$MEDIA_ROOT'%' "$TARGET_SETTINGS_FILE"
@@ -14,7 +14,7 @@ export DJANGO_SETTINGS_MODULE=dojo.settings.unittest
export DD_SECRET_KEY=`cat /dev/urandom | LC_CTYPE=C tr -dc "a-zA-Z0-9" | head -c 128`
export DD_CREDENTIAL_AES_256_KEY=`cat /dev/urandom | LC_CTYPE=C tr -dc "a-zA-Z0-9" | head -c 128`
export DD_DATABASE_URL="sqlite:///test.db"
export DD_DEBUG=on
export DD_DEBUG=True

python manage.py makemigrations dojo
python manage.py migrate
@@ -65,6 +65,7 @@ echo " CSRF_COOKIE_SECURE = True"
echo " SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')"
echo " SECURE_SSL_REDIRECT = True"
echo " SECURE_BROWSER_XSS_FILTER = True"
echo " SECURE_CONTENT_TYPE_NOSNIFF = True"
echo " django.middleware.security.SecurityMiddleware"
echo
echo "When you're ready to start the DefectDojo server, type in this directory:"
@@ -73,7 +73,7 @@ DEV_ADMIN_PASS="admin"
ADMIN_EMAIL=${ADMIN_EMAIL:-"ed@example.com"}

# Django settings.py vars
DD_DEBUG=${DD_DEBUG:="off"} # Django Debug, defaults to off and should be for production. Can be off or on
DD_DEBUG=${DD_DEBUG:="False"} # Django Debug, defaults to False and should be for production. Can be False or True
DD_DJANGO_ADMIN_ENABLED=${DD_DJANGO_ADMIN_ENABLED:-"on"} # Enables Django Admin, defaults to on - either off or on
DD_SECRET_KEY="GENERATED-DYNAMICALLY-AT-INSTALL-TIME" # A secret key for a particular Django installation.
DD_CREDENTIAL_AES_256_KEY="GENERATED-DYNAMICALLY-AT-INSTALL-TIME" # Key for encrypting credentials in the manager
@@ -82,15 +82,16 @@ DD_ALLOWED_HOSTS=${DD_ALLOWED_HOSTS:-"*"} # Hosts/domain names th
# WhiteNoise allows your web app to serve its own static files,
# making it a self-contained unit that can be deployed anywhere without relying on nginx,
# if using nginx then disable Whitenoise
DD_WHITENOISE=${DD_WHITENOISE:-"on"} # Valid options: on, off
DD_WHITENOISE=${DD_WHITENOISE:-"True"} # Valid options: True, False
# Additional Settings / Override defaults in settings.py
DD_TIME_ZONE=${DD_TIME_ZONE:-"America/New_York"} # Timezone - default America/New_York
DD_TRACK_MIGRATIONS=${DD_TRACK_MIGRATIONS:-"on"} # Track migrations through source control rather than making migrations locally
DD_SESSION_COOKIE_HTTPONLY=${DD_SESSION_COOKIE_HTTPONLY:-"on"} # Whether to use HTTPOnly flag on the session cookie - either on or off
DD_CSRF_COOKIE_HTTPONLY=${DD_CSRF_COOKIE_HTTPONLY:-"on"} # Whether to use HttpOnly flag on the CSRF cookie - either on or off
DD_SECURE_SSL_REDIRECT=${DD_SECURE_SSL_REDIRECT:-"off"} # If True, the SecurityMiddleware redirects all non-HTTPS requests to HTTPS - either on or off
DD_CSRF_COOKIE_SECURE=${DD_CSRF_COOKIE_SECURE:-"off"} # Whether to use a secure cookie for the CSRF cookie - either on or off
DD_SECURE_BROWSER_XSS_FILTER=${DD_SECURE_BROWSER_XSS_FILTER:-"on"} # If on, the SecurityMiddleware sets the X-XSS-Protection: 1; - either on or off
DD_TRACK_MIGRATIONS=${DD_TRACK_MIGRATIONS:-"True"} # Track migrations through source control rather than making migrations locally
DD_SESSION_COOKIE_HTTPONLY=${DD_SESSION_COOKIE_HTTPONLY:-"True"} # Whether to use HTTPOnly flag on the session cookie - either True or False
DD_CSRF_COOKIE_HTTPONLY=${DD_CSRF_COOKIE_HTTPONLY:-"True"} # Whether to use HttpOnly flag on the CSRF cookie - either True or False
DD_SECURE_SSL_REDIRECT=${DD_SECURE_SSL_REDIRECT:-"False"} # If True, the SecurityMiddleware redirects all non-HTTPS requests to HTTPS - either True or False
DD_CSRF_COOKIE_SECURE=${DD_CSRF_COOKIE_SECURE:-"False"} # Whether to use a secure cookie for the CSRF cookie - either True or False
DD_SECURE_BROWSER_XSS_FILTER=${DD_SECURE_BROWSER_XSS_FILTER:-"True"} # If True, the SecurityMiddleware sets the X-XSS-Protection: 1; - either True or False
DD_SECURE_CONTENT_TYPE_NOSNIFF=${DD_SECURE_CONTENT_TYPE_NOSNIFF:-"True"} # If True, the SecurityMiddleware sets the X-Content-Type-Options: nosniff;
DD_LANG=${DD_LANG:-"en-us"} # Change the default language set
DD_WKHTMLTOPDF=${DD_WKHTMLTOPDF:-"/usr/local/bin/wkhtmltopdf"} # Path to PDF library
DD_TEAM_NAME=${DD_TEAM_NAME:-"Security"} # Security team name, used for outgoing emails
@@ -620,5 +620,5 @@ function slim_defect_dojo_settings() {
# Copy settings file
ENV_SETTINGS_FILE=dojo/settings/.env.prod
cp dojo/settings/template-env ${ENV_SETTINGS_FILE}
sed -i'' "s&# DD_TRACK_MIGRATIONS=on&#DD_TRACK_MIGRATIONS=on&g" ${ENV_SETTINGS_FILE}
sed -i'' "s&# DD_TRACK_MIGRATIONS=True&#DD_TRACK_MIGRATIONS=True&g" ${ENV_SETTINGS_FILE}
}
@@ -43,9 +43,12 @@ DD_SECURE_SSL_REDIRECT=#DD_SECURE_SSL_REDIRECT#
# Whether to use a secure cookie for the CSRF cookie - default is off
DD_CSRF_COOKIE_SECURE=#DD_CSRF_COOKIE_SECURE#

# If on, the SecurityMiddleware sets the X-XSS-Protection: 1; - default is on
# If True, the SecurityMiddleware sets the X-XSS-Protection: 1; - default is on
DD_SECURE_BROWSER_XSS_FILTER=#DD_SECURE_BROWSER_XSS_FILTER#

# If True, the SecurityMiddleware sets the X-Content-Type-Options: nosniff;
DD_SECURE_CONTENT_TYPE_NOSNIFF=#DD_SECURE_CONTENT_TYPE_NOSNIFF#

# Change the default language set - default is en-us
DD_LANG=#DD_LANG#

@@ -318,6 +318,7 @@ function create_dojo_settings() {
sed -i -e 's%#DD_PORT_SCAN_RESULT_EMAIL_FROM#%'$DD_PORT_SCAN_RESULT_EMAIL_FROM'%' "$ENV_TARGET_FILE"
sed -i -e 's%#DD_PORT_SCAN_EXTERNAL_UNIT_EMAIL_LIST#%'$DD_PORT_SCAN_EXTERNAL_UNIT_EMAIL_LIST'%' "$ENV_TARGET_FILE"
sed -i -e 's%#DD_PORT_SCAN_SOURCE_IP#%'$DD_PORT_SCAN_SOURCE_IP'%' "$ENV_TARGET_FILE"
sed -i -e 's%#DD_SECURE_CONTENT_TYPE_NOSNIFF#%'$DD_SECURE_CONTENT_TYPE_NOSNIFF'%' "$ENV_TARGET_FILE"
# File paths for settings.py
#sed -i -e 's%#DOJO_ROOT#%'$DOJO_ROOT'%' "$TARGET_SETTINGS_FILE"
#sed -i -e 's%#MEDIA_ROOT#%'$MEDIA_ROOT'%' "$TARGET_SETTINGS_FILE"
@@ -16,7 +16,7 @@ export DJANGO_SETTINGS_MODULE=dojo.settings.unittest
export DD_SECRET_KEY=`cat /dev/urandom | LC_CTYPE=C tr -dc "a-zA-Z0-9" | head -c 128`
export DD_CREDENTIAL_AES_256_KEY=`cat /dev/urandom | LC_CTYPE=C tr -dc "a-zA-Z0-9" | head -c 128`
export DD_DATABASE_URL="sql"
export DD_DEBUG=on
export DD_DEBUG=True

python manage.py makemigrations dojo
python manage.py migrate
@@ -110,7 +110,6 @@ echo " SESSION_COOKIE_SECURE = True"
echo " CSRF_COOKIE_SECURE = True"
echo " SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')"
echo " SECURE_SSL_REDIRECT = True"
echo " SECURE_BROWSER_XSS_FILTER = True"
echo " django.middleware.security.SecurityMiddleware"
echo
echo "When you're ready to start the DefectDojo server, type in this directory:"

0 comments on commit 5274bc1

Please sign in to comment.
You can’t perform that action at this time.