Add unittests as a travis job

add unittest travis file

update unittest script

Add sudo and --user option

update unittest script

add chromedriver install to script

update script

update chromedriver install script

correct script for chromedriver

adjust permission mode for chromedriver

fix calling chmod without sudo

Add chrome selenium headless option to product unittests

Add google chrome binary

Add code to setup admin user and password environment variables

adjust script

readjust script

adjust test script and server ports in products

update script

update script

update script

update script

update script

update test files and add to travis unittest

comment out tests not ready and add check to exit if any test fails

replace deprecated method

replace deprecated method

Testing fail

Testing fail

update all unit tests with if condition

Add express option to add jira configs

Appease accesslint bot

Remove JIRA status if product is not configured

fix initial date format

Add wait time to test_add_product_finding_test

comment out product unit test from script

testing a very long wait time

testing a very long wait time

try remove headless from engagement test

Try out my page load wait function

make some changes

make some changes

update file load option in engagement import scan test

update file load option in engagement import scan test

update file load option in engagement import scan test

update change

adjust unittest

try out dev activation in script

Correct overlooked error in #1498

Add table of contents to HTML/Asciidoc reports

Return dedupe to a "working" state

Return close_old_findings

Delete setup.bash

This is the old setup.bash. New one is in the setup folder. Removing to disable confusion.

enhanced blackduck parser

fixing flake8 errors

[wip] to squash. unittest failing locally bc it seems it does not recognize the
zipfile.

increase filepath to 4000 varchar to hold bigger paths concatenation

Use Python 3.5-compatible code

adding .zip extension to choose report file from

Fix unit tests and syntax errors

Check subtype of report object and cast if necessary

In-app doc update

change file name and dep order

remove old file name

Fix Jira status bug

Fix product manager displays

Added option to set caption for finding images

Add option to move engagements to different products

Update migrations to make builds happy

BUGFIX: The test summary table in the engagement view displays the name of the engagement lead in each row instead of the test lead. This PR changes this UI bug so that the name of the test lead in the row "Lead" will appear.

Manually set parent of duplicate

Include description in filter

Correct duplicate options display

Add test name to dropdown

Trying again with some print out

Add fix for test_image_add error

add recursive to file permission on django dockerfile

add recursive to file permission on django dockerfile

Modify docker file to create media folder

Modify docker file to create media folder2

Add sudo to python3 calls

checking out sudo

rearrange users

adjust selenium

update python3 version

giving virtualenv a try

adjust dockerfile

modify docker file again

move docker compose into script

comment out user1001 in dockerfilenginx and django

Add some os user management to script and docker file

Add virtualenv

Trying python within container

add selenium

fix python

adding full script

adding full script

try stuff

Added google chrome addon to travis

add -f install to travis

running build with docker-compose

trying out unit_test docker-compose override

Defect Dojo/SonarQube integration

Reverted f-Strings, replace them with String.format

Reverted f-Strings, replace them with String.format

Fixing AttributeError: module 're' has no attribute 'RegexFlag'

Flake8 fix

Updated finding page to show SonarQube transition history

Updated finding page to show SonarQube transition history

Renumbered migration to 0011 after latest dev merge

Fix for SonarQube versions with no Security Hotspot support

Rebuild migration after pulling upstream/dev

SonarQube integration suggestions pending to implement

Fixing accesslint

Renamed migrations after merging upstream/dev

Fix flake8 error

Updated migration to solve mysql case insensitive issue
Added a temp rule cache in SonarQube client to import findings faster

Update and rename 0017_sonarqube_api_integration.py to 0018_sonarqube_api_integration.py

Bump django from 2.2.1 to 2.2.4

Bumps [django](https://github.com/django/django) from 2.2.1 to 2.2.4.
- [Release notes](https://github.com/django/django/releases)
- [Commits](django/django@2.2.1...2.2.4)

Signed-off-by: dependabot[bot] <support@github.com>

adjust finding status to display product metrics

oversight fix + no verified filter for open_finding

Signed-off-by: Fred Blaise <fred.blaise@gmail.com>

remove unique constraint from jira_id

add missing volumes in docker dev mode

Fix bug when displaying accepted findings

If the cwe is None (which is the default), displaying the accepted finding will throw a type error. This is a relic from the Python 3 migration: https://docs.python.org/3/whatsnew/3.0.html#ordering-comparisons

on behalf of DB Systel GmbH

urlunsplit crash if no path is specified

json_output doesnt exist

v1 aqua parser

Signed-off-by: Fred Blaise <fred.blaise@protonmail.com>

promote_to_finding crash on endpoints

Make finding images downloadable via API

FEATURE: Adds an alert box to add_template.html to the delete template button  to confirm the deletion.
BUGFIX: Force the validation check for required input fields

fix bug with jumping sidebar

The sidebar jumps down if you hover over it. Now the sidebar remains on the top.

On behalf of DB System GmbH

API Filter Enhancements for engagements

Added title and engagement to Test object API filters

Fix Flake8

Manually merged DefectDojo master and Development

added on delete cascade for note_type foreign key

Removed urlresolvers

Editing a note modified with note types

Changed the code to match PEP8 standards

Added unit tests for note types

Added missing aria-labels

Moved db changes to a separate file

Report generation modified with note-types

Improved report generation changes

Fixed the conflicts in db migrations files

Resolve conflicts in comments.html file

Fix tables of contents and test pdf report

Allow for newlines in notes

Fix whitesource parser

The whitesource parser fails if the report does not contain all information. Now it will use an empty default value instead.

On behalf of DB Systel GmbH

fix introduced regression

Signed-off-by: Fred Blaise <fred.blaise@protonmail.com>

add external relational db support

Update configmap.yaml

typo

typo

weird config map behavior

change postgresql secret name

typo

fixes #1566 add unittest and try-catch.

issue_1542 fix - Using dynamic secret name

Checkmarx API enhancements

Convert tabs to spaces

Add ability to import OWASP Dependency Track Finding Packaging Format (FPF) Exports as a scan

Trim whitespace

Fix flake8 issues

Add Dependency Track parser to test_types fixture

Updates to Dojo finding title and description to accommodate for optional fields from Dependency Track

Updates to JSON file parsing to accommodate for Django file wrapper vs normal Python File objects

Resolve conflicts with other test type that was added to dev branch

Update test_type.json

Fix issue #1576 and #1577

add product unit test

Fix flake8 issues

go back to installing and setting up chrome browser from unittest script

Update unit tests to reflect all new changes

Update unit tests to reflect all new changes

comment out engagement unittest

remove excess import scan test

Implement Azure AD Tenant OAuth. Fix #1307

As more and more enterprises are leveraging Office 365 and Azure,
implementing Azure AD authentication using OAuth would be extremely
helpful as an alternative from relying on AD/LDAP connectivity, enabling
admins to deploy Defect Dojo in the cloud without having to send
authentication requests back to on-premises AD/LDAP.

This implementation is based on social-core, building upon the
pre-existing OKTA and Google integration.

ptvsd debug option

Incorporating @ptrovatelli's suggestions.

make flake8 happy

increase strip from 20 to 200 chars

Introducing DataTables to Products and Findings

Separating product tags into their own column:
Product tags were added just to the right of the product name. This made it very difficult to properly export as CSV or Excel in the upcoming DataTables effort, so splitting the tags, which provide relevant information, into their own column was the most efficient route to support DataTables export

Introducing DataTables to Products and Findings

Removing DataTables from node package as it is not working, but adding static files.

Added DataTables to Products and Findings html pages to support better sorting, filtering and exporting.

Remove sorting and exporting from DataTables on non relevant fields

Checkboxes and action fields should not be sortable nor exportable, which this commit addresses for Product and Findings list view

Adding the All Engagements View

Dojo menu had a "All Engagements" entry, but it opened Active Engagements only.

This commit still respects the Active Engagements but introduces the All Engagements view

DataTables now available on All Engagements

Introducing support for DataTables for all engagements view

Remove sorting and exporting from DataTables on non relevant fields

Checkboxes and action fields should not be sortable nor exportable, which this commit addresses for All Engagements view

Improve Product view filtering

Include additional fields that can be used for filtering the product view

fix finding.cwe in filters

Add Note Create and Delete to Api V2 Finding Endpoint

Adjust Flake inconsistencies

Handle error when no note found

Fix flake8

add sed script to change user id from 1001 to 1000 before building container

fix css selector for import button

remove unused import

update user id sed script and also uncomment dedupe test

Clean up unittest by removing excess debug print logs

Remove Survey Fixture

Make fixtures run on install

Trying things

Configure survey presentation on dojo side

Finishing touches on the dojo side

Change migration name before pulling current dev

Change dependency as well

Change dependency as well

Add finding ID, Eng. Version and tags to search results. Fixes #1559

On the simple search results, adding new column to contain the Finding ID (Dojo ID) and also include engagement version and engagements tag under the engagement column.

Fixes #1559

Update migrations to mesh with dev branch

Revert a silly merge mistake

remove index and replace with keys

adding channel origin id to model, and take either one

restored processing of single security.csv file. Re-enabled unittests
for csv. Added extra file for new security.csv header format.

Fixed wrong column name for csv title processing

Fixed property name

Fix Import OpenVas Scan Result

Issues:
OpenVas Scan Result were not imported.

Solution:
Adapt the code for python 3
We've edited dojo/tools/openvas_csv/parser.py; now it is able to import the scan without a 500 error and with the Findings.

clean up debug code

Fix Tab Issues

Too much space

Fix Flake8 errors to resolve premature approval

Update issue templates

mrod-updating-serializer

mrod-updating-model

mcr-fixingProductList

mcr-fixingProductList

Fix Flake8 errors

Transition Finding from Mitigated using Jira doesn't remove Mitigated status

Manage Manual Changes in SonarQube

adjust docker-compose build and run in script

use release image docker-compose override
propersam committed Aug 16, 2019
1 parent 3d62860 commit 7359237aa0fc599c049cc443b1e0bc04369498cc
Showing with 8,467 additions and 516 deletions.
  1. +2 −2 .github/ISSUE_TEMPLATE/bug_report.md
  2. +2 −2 .github/ISSUE_TEMPLATE/importer_request.md
  3. +1 −1 .github/ISSUE_TEMPLATE/security_issue.md
  4. +5 −0 .gitignore
  5. +1 −0 .travis.yml
  6. +141 −0 0001_initial.py
  7. +42 −0 DOCKER.md
  8. +3 −2 Dockerfile.django
  9. +6 −0 docker-compose.override.dev.yml
  10. +26 −0 docker-compose.override.ptvsd.yml
  11. +2 −0 docker/entrypoint-initializer.sh
  12. +1 −0 docker/entrypoint-unit-tests-devDocker.sh
  13. +1 −4 docker/entrypoint-unit-tests.sh
  14. +21 −0 docker/entrypoint-uwsgi-ptvsd.sh
  15. +17 −4 docker/setEnv.sh
  16. +11 −5 dojo/api.py
  17. +91 −12 dojo/api_v2/serializers.py
  18. +63 −1 dojo/api_v2/views.py
  19. +2 −1 dojo/context_processors.py
  20. +24 −0 dojo/db_migrations/0015_findingimage_caption.py
  21. +16 −0 dojo/db_migrations/0016_increase_filepath_length.py
  22. +18 −0 dojo/db_migrations/0017_auto_20190827_1421.py
  23. +79 −0 dojo/db_migrations/0018_sonarqube_api_integration.py
  24. +35 −0 dojo/db_migrations/0019_notetype_additions.py
  25. +18 −0 dojo/db_migrations/0020_system_settings_allow_anonymous_survey_repsonse.py
  26. +1 −0 dojo/engagement/urls.py
  27. +39 −4 dojo/engagement/views.py
  28. +45 −8 dojo/filters.py
  29. +144 −31 dojo/finding/views.py
  30. +806 −0 dojo/fixtures/initial_surveys.json
  31. +15 −1 dojo/fixtures/test_type.json
  32. +116 −11 dojo/forms.py
  33. +6 −0 dojo/home/views.py
  34. +2 −1 dojo/jira_link/urls.py
  35. +87 −2 dojo/jira_link/views.py
  36. +44 −0 dojo/management/commands/import_surveys.py
  37. +121 −9 dojo/models.py
  38. 0 dojo/note_type/__init__.py
  39. +16 −0 dojo/note_type/urls.py
  40. +127 −0 dojo/note_type/views.py
  41. +42 −7 dojo/notes/views.py
  42. +48 −7 dojo/pipeline.py
  43. +51 −11 dojo/product/views.py
  44. +24 −2 dojo/settings/settings.dist.py
  45. +138 −0 dojo/static/dojo/css/datatables.min.css
  46. +679 −0 dojo/static/dojo/js/datatables.min.js
  47. +37 −0 dojo/static/dojo/js/index.js
  48. +13 −0 dojo/tasks.py
  49. +9 −2 dojo/templates/base.html
  50. +12 −0 dojo/templates/dojo/add_note_type.html
  51. +33 −12 dojo/templates/dojo/add_template.html
  52. +173 −4 dojo/templates/dojo/asciidoc_report.html
  53. +13 −2 dojo/templates/dojo/close_finding.html
  54. +8 −1 dojo/templates/dojo/custom_asciidoc_report_endpoints.html
  55. +7 −0 dojo/templates/dojo/custom_asciidoc_report_findings.html
  56. +13 −0 dojo/templates/dojo/custom_pdf_report_endpoint_list.html
  57. +13 −0 dojo/templates/dojo/custom_pdf_report_finding_list.html
  58. +76 −0 dojo/templates/dojo/dashboard.html
  59. +12 −0 dojo/templates/dojo/disable_note_type.html
  60. +46 −0 dojo/templates/dojo/edit_findings.html
  61. +12 −0 dojo/templates/dojo/edit_note_type.html
  62. +5 −0 dojo/templates/dojo/edit_product.html
  63. +12 −0 dojo/templates/dojo/enable_note_type.html
  64. +97 −1 dojo/templates/dojo/endpoint_pdf_report.html
  65. +97 −1 dojo/templates/dojo/engagement_pdf_report.html
  66. +210 −0 dojo/templates/dojo/engagements_all.html
  67. +16 −0 dojo/templates/dojo/express_new_jira.html
  68. +97 −1 dojo/templates/dojo/finding_pdf_report.html
  69. +122 −18 dojo/templates/dojo/findings_list.html
  70. +5 −2 dojo/templates/dojo/import_scan_results.html
  71. +16 −7 dojo/templates/dojo/login.html
  72. +1 −0 dojo/templates/dojo/new_jira.html
  73. +5 −0 dojo/templates/dojo/new_product.html
  74. +130 −0 dojo/templates/dojo/note_type.html
  75. +96 −10 dojo/templates/dojo/product.html
  76. +97 −1 dojo/templates/dojo/product_endpoint_pdf_report.html
  77. +97 −2 dojo/templates/dojo/product_pdf_report.html
  78. +97 −1 dojo/templates/dojo/product_type_pdf_report.html
  79. +4 −4 dojo/templates/dojo/snippets/comments.html
  80. +29 −0 dojo/templates/dojo/snippets/sonarqube_history.html
  81. +113 −14 dojo/templates/dojo/test_pdf_report.html
  82. +4 −4 dojo/templates/dojo/view_eng.html
  83. +10 −2 dojo/templates/dojo/view_finding.html
  84. +4 −1 dojo/templates/dojo/view_note_history.html
  85. +3 −3 dojo/templates/dojo/view_product_details.html
  86. +20 −17 dojo/templates/dojo/view_test.html
  87. +2 −1 dojo/templatetags/get_note_status.py
  88. +11 −0 dojo/templatetags/get_notetype_availability.py
  89. +40 −2 dojo/test/views.py
  90. +15 −0 dojo/tools/__init__.py
  91. 0 dojo/tools/aqua/__init__.py
  92. +125 −0 dojo/tools/aqua/parser.py
  93. +114 −0 dojo/tools/blackduck/importer.py
  94. +24 −0 dojo/tools/blackduck/model.py
  95. +52 −60 dojo/tools/blackduck/parser.py
  96. 0 dojo/tools/dependency_track/__init__.py
  97. +235 −0 dojo/tools/dependency_track/parser.py
  98. +9 −0 dojo/tools/factory.py
  99. +4 −3 dojo/tools/openvas_csv/parser.py
  100. 0 dojo/tools/sonarqube_api/__init__.py
  101. +251 −0 dojo/tools/sonarqube_api/api_client.py
  102. +163 −0 dojo/tools/sonarqube_api/importer.py
  103. +138 −0 dojo/tools/sonarqube_api/updater.py
  104. +108 −0 dojo/tools/sonarqube_api/updater_from_source.py
  105. +1 −1 dojo/tools/ssl_labs/parser.py
  106. +19 −0 dojo/tools/tool_issue_updater.py
  107. +9 −6 dojo/tools/twistlock/parser.py
  108. +5 −5 dojo/tools/whitesource/parser.py
  109. +859 −0 dojo/unittests/scans/aqua/many_vulns.json
  110. +1 −0 dojo/unittests/scans/aqua/no_vuln.json
  111. +156 −0 dojo/unittests/scans/aqua/one_vuln.json
  112. BIN dojo/unittests/scans/blackduck/blackduck_enhanced_py3_unittest.zip
  113. +10 −0 dojo/unittests/scans/blackduck/many_vulns_new_format.csv
  114. +110 −0 dojo/unittests/scans/dependency_track_samples/many_findings.json
  115. +16 −0 dojo/unittests/scans/dependency_track_samples/no_findings_because_findings_key_is_empty_list.json
  116. +15 −0 dojo/unittests/scans/dependency_track_samples/no_findings_because_findings_key_is_missing.json
  117. +16 −0 dojo/unittests/scans/dependency_track_samples/no_findings_because_findings_key_is_null.json
  118. +42 −0 dojo/unittests/scans/dependency_track_samples/one_finding.json
  119. +96 −0 dojo/unittests/scans/sonarqube_api/issues.json
  120. +9 −0 dojo/unittests/scans/sonarqube_api/product.json
  121. +35 −0 dojo/unittests/scans/sonarqube_api/rule.json
  122. +28 −0 dojo/unittests/scans/twistlock/no_vuln.json
  123. +22 −0 dojo/unittests/test_aqua_parser.py
  124. +15 −6 dojo/unittests/test_blackduck_csv_parser.py
  125. +39 −0 dojo/unittests/test_dependency_track_parser.py
  126. +41 −0 dojo/unittests/test_sonarqube_importer.py
  127. +96 −0 dojo/unittests/test_sonarqube_updater.py
  128. +6 −0 dojo/unittests/test_twistlock_parser.py
  129. +5 −1 dojo/urls.py
  130. +2 −2 dojo/utils.py
  131. +23 −0 dojo/wsgi.py
  132. +1 −1 entrypoint_scripts/common/common-os.sh
  133. +1 −1 helm/defectdojo/templates/NOTES.txt
  134. +23 −0 helm/defectdojo/templates/_helpers.tpl
  135. +7 −2 helm/defectdojo/templates/celery-beat-deployment.yaml
  136. +7 −2 helm/defectdojo/templates/celery-deployment.yaml
  137. +7 −2 helm/defectdojo/templates/celery-worker-deployment.yaml
  138. +2 −2 helm/defectdojo/templates/configmap.yaml
  139. +7 −2 helm/defectdojo/templates/django-deployment.yaml
  140. +7 −2 helm/defectdojo/templates/initializer-job.yaml
  141. +20 −0 helm/defectdojo/values.yaml
  142. +1 −0 manage.py
  143. +2 −2 requirements.txt
  144. +0 −102 setup.bash
  145. +1 −1 setup.py
  146. +2 −1 setup/scripts/os/linux.sh
  147. +5 −2 tests/Endpoint_unit_test.py
  148. +5 −19 tests/Engagement_unit_test.py
  149. +5 −2 tests/Environment_unit_test.py
  150. +15 −5 tests/Finding_unit_test.py
  151. +5 −2 tests/Import_scanner_unit_test.py
  152. +84 −0 tests/Note_type_unit_test.py
  153. +12 −6 tests/Product_type_unit_test.py
  154. +33 −6 tests/Product_unit_test.py
  155. +5 −2 tests/Test_unit_test.py
  156. +5 −2 tests/User_unit_test.py
  157. +10 −7 tests/check_status.py
  158. +5 −2 tests/check_status_ui.py
  159. +13 −10 tests/dedupe_unit_test.py
  160. +6 −3 tests/ibm_appscan_test.py
  161. +5 −2 tests/smoke_test.py
  162. +1 −1 tests/zap.py
  163. +3 −0 travis/before-install.sh
  164. +9 −0 travis/script.sh
  165. +143 −0 travis/unittest-script.sh
@@ -2,7 +2,7 @@
name: Bug report
about: Create a report to help us improve
title: ''
labels: 'bug'
labels: bug
assignees: ''

---
@@ -27,7 +27,7 @@ A clear and concise description of what you expected to happen.

**Environment information**
- Operating System: [e.g. Ubuntu 18.04]
- DefectDojo version: [use `git show -s --format="%h: %s [%ci]"`]
- DefectDojo Commit Message: [use `git show -s --format="%h: %s [%ci]"`]

**Sample scan files** (optional)
If applicable, add sample scan files to help reproduce your problem.
@@ -2,7 +2,7 @@
name: New importer request
about: Request a new importer (scanner) for DefectDojo
title: ''
labels: 'Import Scans'
labels: Import Scans
assignees: ''

---
@@ -11,4 +11,4 @@ assignees: ''
Name of the scanner, brief description of the scanner and link.

**Sample File**
Please attach a sample file and the format of the file (xml, json, csv).
Please attach a sample file and the format of the file (xml, json, csv).
@@ -2,7 +2,7 @@
name: Security issue
about: Report a security issue
title: Please submit via our security reporting program, not GitHub
labels: 'security'
labels: security
assignees: ''

---
@@ -107,3 +107,8 @@ quick.bash

#visual studio code
*.code-workspace

# pipenv
Pipfile
Pipfile*

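Review bot: `Pipfile*` on the last added line already matches `Pipfile`, so the separate `Pipfile` entry is redundant, and the glob also ignores `Pipfile.lock`. If pipenv is only a local convenience, say so in the `# pipenv` comment; if anyone is expected to install from it, the lock file is the part that should be tracked so dependency versions stay pinned.
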
@@ -16,6 +16,7 @@ env:
- TEST=flake8
- TEST=snyk
- TEST=docker
- TEST=unittests
matrix:
allow_failures:
- env: TEST=snyk
@@ -0,0 +1,141 @@
# Generated by Django 2.2.1 on 2019-07-17 21:07

from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
import django_extensions.db.fields


class Migration(migrations.Migration):

initial = True

dependencies = [
('contenttypes', '0002_remove_content_type_name'),
('dojo', '0009_endpoint_remediation'),
migrations.swappable_dependency(settings.AUTH_USER_MODEL),
]

operations = [
migrations.CreateModel(
name='Choice',
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('created', django_extensions.db.fields.CreationDateTimeField(auto_now_add=True, verbose_name='created')),
('modified', django_extensions.db.fields.ModificationDateTimeField(auto_now=True, verbose_name='modified')),
('order', models.PositiveIntegerField(default=1)),
('label', models.TextField(default='')),
],
options={
'ordering': ['order'],
},
),
migrations.CreateModel(
name='TextAnswer',
fields=[
('answer_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='defectDojo_engagement_survey.Answer')),
('answer', models.TextField(help_text='The answer text')),
],
options={
'abstract': False,
'base_manager_name': 'objects',
},
bases=('defectDojo_engagement_survey.answer',),
),
migrations.CreateModel(
name='TextQuestion',
fields=[
('question_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='defectDojo_engagement_survey.Question')),
],
options={
'abstract': False,
'base_manager_name': 'objects',
},
bases=('defectDojo_engagement_survey.question',),
),
migrations.CreateModel(
name='Question',
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('created', django_extensions.db.fields.CreationDateTimeField(auto_now_add=True, verbose_name='created')),
('modified', django_extensions.db.fields.ModificationDateTimeField(auto_now=True, verbose_name='modified')),
('order', models.PositiveIntegerField(default=1, help_text='The render order')),
('optional', models.BooleanField(default=False, help_text="If selected, user doesn't have to answer this question")),
('text', models.TextField(help_text='The question text')),
('polymorphic_ctype', models.ForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='polymorphic_defectdojo_engagement_survey.question_set+', to='contenttypes.ContentType')),
],
options={
'ordering': ['order'],
},
),
migrations.CreateModel(
name='Engagement_Survey',
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('name', models.CharField(max_length=200)),
('description', models.TextField()),
('active', models.BooleanField(default=True)),
('questions', models.ManyToManyField(to='defectDojo_engagement_survey.Question')),
],
options={
'verbose_name': 'Engagement Survey',
'verbose_name_plural': 'Engagement Surveys',
'ordering': ('-active', 'name'),
},
),
migrations.CreateModel(
name='Answered_Survey',
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('completed', models.BooleanField(default=False)),
('answered_on', models.DateField(null=True)),
('engagement', models.ForeignKey(null=True, on_delete=django.db.models.deletion.CASCADE, related_name='Cred_Mapping.engagement+', to='dojo.Engagement')),
('responder', models.ForeignKey(blank=True, default=None, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='responder', to=settings.AUTH_USER_MODEL)),
('survey', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='defectDojo_engagement_survey.Engagement_Survey')),
],
options={
'verbose_name': 'Answered Engagement Survey',
'verbose_name_plural': 'Answered Engagement Surveys',
},
),
migrations.CreateModel(
name='Answer',
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('created', django_extensions.db.fields.CreationDateTimeField(auto_now_add=True, verbose_name='created')),
('modified', django_extensions.db.fields.ModificationDateTimeField(auto_now=True, verbose_name='modified')),
('answered_survey', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='defectDojo_engagement_survey.Answered_Survey')),
('polymorphic_ctype', models.ForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='polymorphic_defectdojo_engagement_survey.answer_set+', to='contenttypes.ContentType')),
('question', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='defectDojo_engagement_survey.Question')),
],
options={
'abstract': False,
'base_manager_name': 'objects',
},
),
migrations.CreateModel(
name='ChoiceQuestion',
fields=[
('question_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='defectDojo_engagement_survey.Question')),
('multichoice', models.BooleanField(default=False, help_text='Select one or more')),
('choices', models.ManyToManyField(to='defectDojo_engagement_survey.Choice')),
],
options={
'abstract': False,
'base_manager_name': 'objects',
},
bases=('defectDojo_engagement_survey.question',),
),
migrations.CreateModel(
name='ChoiceAnswer',
fields=[
('answer_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='defectDojo_engagement_survey.Answer')),
('answer', models.ManyToManyField(help_text='The selected choices as the answer', to='defectDojo_engagement_survey.Choice')),
],
options={
'abstract': False,
'base_manager_name': 'objects',
},
bases=('defectDojo_engagement_survey.answer',),
),
]
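Review bot: this new `0001_initial.py` is added at the repository root rather than inside an app's migrations package, yet it declares `initial = True` for models under the `defectDojo_engagement_survey` label and depends on `('dojo', '0009_endpoint_remediation')`. It reads like a generated file that was committed by accident: either move it into the migrations package of the app that owns these models or drop it from the commit. If it stays, `related_name='Cred_Mapping.engagement+'` on `Answered_Survey.engagement` looks copied from another model and should be checked.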
@@ -100,6 +100,48 @@ To update changes in static resources, served by nginx, just refresh the browser
id -u
```

### Run with Docker compose in development mode with ptvsd (remote debug)

If you want to be able to step in your code, you can activate ptvsd.Server.

You can launch your local dev instance of DefectDojo as

```zsh
cp dojo/settings/settings.dist.py dojo/settings/settings.py
docker/setEnv.sh ptvsd
docker-compose up
```

This will run the application based on merged configurations from docker-compose.yml and docker-compose.override.ptvsd.yml.

The default configuration assumes port 3000 by default for ptvsd, and you should access the DefectDojo UI on port 8000 instead of port 8080, as the uwsgi container will serve directly.

#### VS code
Add the following python debug configuration (You would have to install the `ms-python.python`. Other setup may work.)

```
{
"name": "Remote DefectDojo",
"type": "python",
"request": "attach",
"pathMappings": [
{
"localRoot": "${workspaceFolder}",
"remoteRoot": "/app"
}
],
"port": 3000,
"host": "localhost"
}
```

You can now launch the remote debug from VS Code, place your breakpoints and step through the code.

> At present, 2 caveats:
> - Static will not be present. You would have to `docker cp` them over from the nginx container
> - For some reason, the page loading may hang. You can stop the loading and reload, the page will ultimately appear.

### Access the application
Navigate to <http://localhost:8080> where you can log in with username admin.
To find out the admin password, check the very beginning of the console
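Review bot: the new ptvsd section does not say that this mode is for local development only, although the VS Code configuration it shows attaches with nothing but `"host"` and `"port": 3000`, so anyone who can reach that port can attach a debugger to the uwsgi process. Add a sentence stating that the port must stay reachable from the developer's machine only and that the override must not be used on a shared or exposed host. Smaller points: "assumes port 3000 by default for ptvsd" says "default" twice, the configuration fence has no `json` tag, and "install the `ms-python.python`" is missing the word "extension".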
@@ -4,7 +4,7 @@
# The code for the build image should be idendical with the code in
# Dockerfile.nginx to use the caching mechanism of Docker.

# Using 3.5.7 to avoid compatibility issues that may be introduced by python 3.5.6 and 3.5.7.
# Using 3.5.7 to avoid compatibility issues that may be introduced by python 3.6 and 3.7.
# Please upgrade before end-of-life in september 2020!
# Ref: https://devguide.python.org/#branchstatus
FROM python:3.5.7-buster@sha256:4598d4365bb7a8628ba840f87406323e699c4da01ae6f926ff33787c63230779 as build
@@ -60,6 +60,7 @@ COPY \
docker/entrypoint-initializer.sh \
docker/entrypoint-uwsgi.sh \
docker/entrypoint-uwsgi-dev.sh \
docker/entrypoint-uwsgi-ptvsd.sh \
docker/entrypoint-unit-tests.sh \
docker/entrypoint-unit-tests-devDocker.sh \
docker/wait-for-it.sh \
@@ -76,7 +77,7 @@ RUN \
chmod g=u /var/run && \
true
USER root
RUN chmod 0777 /app
RUN chmod -R 0777 /app
USER 1001
ENV \
DD_ADMIN_USER=admin \
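Review bot: `RUN chmod -R 0777 /app` makes every file of the application world-writable in the image, so any process in the container, including the `USER 1001` it switches back to, can rewrite code that is executed later. The commit message mentions creating a media folder; grant write access only to that directory (chown it to 1001, or reuse the `chmod g=u` pattern the preceding RUN applies to `/var/run`) and leave the rest of `/app` read-only for the runtime user.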
@@ -10,6 +10,12 @@ services:
celeryworker:
volumes:
- '.:/app:z'
celerybeat:
volumes:
- '.:/app:z'
initializer:
volumes:
- '.:/app:z'
nginx:
volumes:
- './dojo/static/dojo:/usr/share/nginx/html/static/dojo'
@@ -0,0 +1,26 @@
---
version: '3.7'
services:
uwsgi:
entrypoint: ['/wait-for-it.sh', 'mysql:3306', '-t', '30', '--', '/entrypoint-uwsgi-ptvsd.sh']
volumes:
- '.:/app:z'
environment:
DD_DEBUG: 'on'
ports:
- target: 3000
published: 3000
protocol: tcp
mode: host
celeryworker:
volumes:
- '.:/app:z'
nginx:
volumes:
- './dojo/static/dojo:/usr/share/nginx/html/static/dojo'
mysql:
ports:
- target: 3306
published: 3306
protocol: tcp
mode: host
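Review bot: the `mysql` service at the end publishes 3306 with `mode: host`, and `uwsgi` publishes the debugger port 3000 the same way, neither with a host address, so both listen on every interface of the developer's machine while `DD_DEBUG: 'on'` is set. Remote debugging does not need the database exposed; drop the `mysql` `ports` block unless there is a stated reason for it, and bind the debugger to loopback with the short form `'127.0.0.1:3000:3000'`. Also note that this override mounts `.:/app:z` only for `uwsgi` and `celeryworker`, while the dev override in this same commit adds it for `celerybeat` and `initializer`.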
@@ -55,6 +55,8 @@ EOD
python3 manage.py loaddata language_type
python3 manage.py loaddata objects_review
python3 manage.py loaddata regulation
python3 manage.py import_surveys
python3 manage.py loaddata initial_surveys
python3 manage.py installwatson
exec python3 manage.py buildwatson
fi
@@ -1,5 +1,6 @@
#!/bin/sh
# Run available unittests with a simple setup
umask 0002

cd /app
# Unset the database URL so that we can force the DD_TEST_DATABASE_NAME (see django "DATABASES" configuration in settings.dist.py)
@@ -1,5 +1,6 @@
#!/bin/sh
# Run available unittests with a simple setup
umask 0002

cd /app

@@ -24,8 +25,4 @@ EOF

./manage.py migrate

./tests/Product_unit_test.py
./tests/Product__type_unit_test.py

exec ./manage.py test dojo.unittests

@@ -0,0 +1,21 @@
#!/bin/sh

umask 0002



# Copy settings.py (settings.py copied to allow for legacy installs and customizations)
cd /app
TARGET_SETTINGS_FILE=dojo/settings/settings.py
if [ ! -f ${TARGET_SETTINGS_FILE} ]; then
echo "Creating settings.py"
cp dojo/settings/settings.dist.py dojo/settings/settings.py
fi

exec uwsgi \
"--${DD_UWSGI_MODE}" "${DD_UWSGI_ENDPOINT}" \
--protocol uwsgi \
--wsgi dojo.wsgi:application \
--py-autoreload 1 \
--enable-threads --lazy-apps --honour-stdin

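Review bot: nothing in this entrypoint checks that it is running in a development setup, although the Dockerfile.django hunk copies it into the image next to the regular entrypoints and it starts uwsgi with `--py-autoreload 1` and `--honour-stdin`. Consider exiting early unless `DD_DEBUG` is on, which the ptvsd override sets. Smaller points: quote `${TARGET_SETTINGS_FILE}` in the `[ ! -f ... ]` test and use it as the `cp` destination instead of repeating the path, and trim the run of blank lines after `umask 0002`.
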