
Merge branch 'dev' into master

aaronweaver committed Oct 15, 2018
2 parents 1220d00 + dfe3351 commit f528d411f3834af271edc0d9f6bfd2bce1dad590
Showing with 44,800 additions and 1,150 deletions.
  1. +4 −0 .dockerignore
  2. +2 −0 .gitignore
  3. +15 −26 .travis.yml
  4. +1 −1 DefectDojoMaintainers.md
  5. +20 −45 Dockerfile
  6. +21 −0 MAINTAINERS.md
  7. +3 −2 PULL_REQUEST_TEMPLATE.md
  8. +10 −8 README.md
  9. +0 −25 Vagrantfile
  10. +1 −1 components/package.json
  11. +1 −1 dojo/__init__.py
  12. +129 −162 dojo/api_v2/serializers.py
  13. +22 −2 dojo/api_v2/views.py
  14. +1,319 −0 dojo/db_migrations/0001_initial.py
  15. +20 −0 dojo/db_migrations/0002_test_description.py
  16. +35 −0 dojo/db_migrations/0003_auto_20181004_1524.py
  17. 0 dojo/db_migrations/__init__.py
  18. +16 −25 dojo/endpoint/views.py
  19. +2 −4 dojo/engagement/views.py
  20. +11 −4 dojo/filters.py
  21. +0 −2 dojo/finding/urls.py
  22. +2 −20 dojo/finding/views.py
  23. +41,058 −0 dojo/fixtures/defect_dojo_sample_data.json
  24. +1 −1 dojo/fixtures/dojo_testdata.json
  25. +21 −8 dojo/fixtures/test_type.json
  26. +38 −40 dojo/forms.py
  27. +1 −1 dojo/home/views.py
  28. +8 −1 dojo/jira_link/views.py
  29. +1 −1 dojo/management/commands/dedupe.py
  30. +32 −0 dojo/management/commands/dupecheck.py
  31. +30 −0 dojo/management/commands/migrate_meta.py
  32. +4 −3 dojo/management/commands/run_scan.py
  33. +4 −15 dojo/metrics/views.py
  34. +51 −24 dojo/models.py
  35. 0 dojo/notes/__init__.py
  36. +5 −0 dojo/notes/urls.py
  37. +50 −0 dojo/notes/views.py
  38. +20 −28 dojo/product/views.py
  39. +3 −2 dojo/scan/views.py
  40. +2 −4 dojo/search/views.py
  41. +237 −100 dojo/settings/settings.dist.py
  42. +71 −0 dojo/settings/template-env
  43. +12 −2 dojo/static/dojo/css/dojo.css
  44. +69 −0 dojo/static/dojo/css/highlight.css
  45. +9 −5 dojo/tasks.py
  46. +38 −18 dojo/templates/base.html
  47. +9 −1 dojo/templates/dojo/apply_finding_template.html
  48. +6 −1 dojo/templates/dojo/apply_finding_template_form_fields.html
  49. +1 −1 dojo/templates/dojo/delete_product.html
  50. +1 −1 dojo/templates/dojo/delete_rule.html
  51. +3 −3 dojo/templates/dojo/edit_endpoint_meta_data.html
  52. +3 −3 dojo/templates/dojo/edit_product_meta_data.html
  53. +2 −2 dojo/templates/dojo/endpoints.html
  54. +13 −8 dojo/templates/dojo/findings_list.html
  55. +4 −0 dojo/templates/dojo/import_scan_results.html
  56. +1 −1 dojo/templates/dojo/metrics.html
  57. +41 −0 dojo/templates/dojo/snippets/comments.html
  58. +8 −6 dojo/templates/dojo/snippets/engagement_list.html
  59. +0 −6 dojo/templates/dojo/view_cred_all_details.html
  60. +6 −2 dojo/templates/dojo/view_endpoint.html
  61. +21 −6 dojo/templates/dojo/view_eng.html
  62. +44 −78 dojo/templates/dojo/view_finding.html
  63. +1 −1 dojo/templates/dojo/view_product_details.html
  64. +20 −58 dojo/templates/dojo/view_test.html
  65. +19 −2 dojo/templatetags/display_tags.py
  66. +0 −2 dojo/test/urls.py
  67. +16 −17 dojo/test/views.py
  68. +8 −33 dojo/tool_config/views.py
  69. +22 −17 dojo/tools/burp/parser.py
  70. 0 dojo/tools/clair/__init__.py
  71. +61 −0 dojo/tools/clair/parser.py
  72. +27 −15 dojo/tools/dependencycheck/parser.py
  73. +12 −3 dojo/tools/factory.py
  74. +4 −5 dojo/tools/generic/parser.py
  75. +1 −0 dojo/tools/mobsf/__init__.py
  76. +144 −0 dojo/tools/mobsf/parser.py
  77. +17 −10 dojo/tools/nexpose/parser.py
  78. 0 dojo/tools/npmaudit/__init__.py
  79. +69 −0 dojo/tools/npmaudit/parser.py
  80. 0 dojo/tools/sonarqube/__init__.py
  81. +113 −0 dojo/tools/sonarqube/parser.py
  82. +37 −16 dojo/tools/ssllabs/parser.py
  83. +112 −0 dojo/unittests/test_apiv2_scan_import_options.py
  84. +2 −2 dojo/unittests/test_dependency_check_parser.py
  85. +43 −63 dojo/unittests/test_rest_framework.py
  86. 0 dojo/unittests_legacy/__init__.py
  87. 0 dojo/{unittests → unittests_legacy}/test_endpoint_metadata.py
  88. +13 −3 dojo/urls.py
  89. +1 −1 dojo/user/urls.py
  90. +8 −13 dojo/utils.py
  91. +206 −109 entrypoint_scripts/common/dojo-shared-resources.sh
  92. +11 −0 entrypoint_scripts/common/setup-superuser.expect
  93. +24 −0 entrypoint_scripts/deploy/post-action.bash
  94. +7 −0 entrypoint_scripts/misc/url_db.py
  95. +83 −0 entrypoint_scripts/run/startup-docker.bash
  96. +21 −4 entrypoint_scripts/test/travis-integration-test.sh
  97. +7 −10 entrypoint_scripts/test/travis-smoke-test.sh
  98. +4 −0 entrypoint_scripts/test/travis-unit-test.sh
  99. +9 −4 requirements.txt
  100. +67 −0 setup-docker.bash
  101. +8 −17 setup.bash
  102. +11 −8 setup.py
  103. +11 −2 tests/check_status.py
  104. +19 −35 tests/smoke_test.py
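--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,4 @@
+.git
+.gitignore
+*.md
+.env*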
@@ -70,6 +70,7 @@ dojo/uploads/threat/*
*.sqlite
*.db
celerybeat.pid
*.env*

weekly.txt
Monthly.txt
@@ -91,3 +92,4 @@ dojo/media
.venv/
venv/
ENV/
quick.bash
@@ -2,31 +2,28 @@ sudo: required
language: python
install: true

services:
- docker

before_script:
- export -f travis_fold
- export REPO=appsecpipeline/django-defectdojo
- export TAG=`if [ "$TRAVIS_BRANCH" == "master" ]; then echo "latest"; else echo $TRAVIS_BRANCH ; fi`

env:
- TEST=smoke-test
- TEST=integration-test
- TEST=unit-test
- TEST=bandit
- TEST=docker-bench-security
- TEST=ansible
- TEST=flake8-complete
- TEST=flake8

matrix:
allow_failures:
- env: TEST=smoke-test
- env: TEST=bandit
- env: TEST=sourceclear
- env: TEST=flake8-complete

services:
- docker

before_script:
- export -f travis_fold
- export REPO=appsecpipeline/django-defectdojo
- export TAG=`if [ "$TRAVIS_BRANCH" == "master" ]; then echo "latest"; else echo $TRAVIS_BRANCH ; fi`

script:
- |
echo "Running test=$TEST"
@@ -46,30 +43,27 @@ script:
bash entrypoint_scripts/test/travis-integration-test.sh || exit 1
travis_fold end "integration-test"
;;
sourceclear)
## Run the SRC:CLR Scan
curl -sSL https://download.sourceclear.com/ci.sh | bash
;;
bandit)
# install bandit
pip install bandit
## Run Bandit python static code
bandit -r * -x venv,tests,ansible
bandit -r * -x venv,tests
;;
docker-bench-security)
## Run Docker Bench for Security
git clone https://github.com/docker/docker-bench-security.git
cd docker-bench-security
sh docker-bench-security.sh
;;
ansible)
true
;;
pep8)
flake8-complete)
pip install flake8
flake8 .
;;
safety)
pip install safety
safety check -i 35015
;;
flake8)
echo "$TRAVIS_BRANCH"
if [ "$TRAVIS_BRANCH" == "dev" ]
@@ -86,12 +80,7 @@ script:
after_success:
#Push to docker repo
- |
if [ "$TRAVIS_TAG" != "" ] && [ "$DOCKER_USER" != "" ] && [ "$DOCKER_PASS" != "" ]; then
docker tag $REPO $REPO:$TRAVIS_TAG
docker login -u "$DOCKER_USER" -p "$DOCKER_PASS";
docker push $REPO ;
fi
- bash entrypoint_scripts/deploy/post-action.bash

notifications:
slack:
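Review bot: `docker login -u "$DOCKER_USER" -p "$DOCKER_PASS"` in the after_success block passes the registry password as a command-line argument, where it is visible in the process list and in any shell tracing of the job; `echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin` keeps it off argv. The hunk header shows this block shrinking and the diffstat adds `entrypoint_scripts/deploy/post-action.bash` in the same commit, so the login may have moved into that script; if so, the same change applies there. Separately, the `sourceclear)` branch pipes an unpinned remote script straight into bash with the job's secrets in the environment, and `safety check -i 35015` suppresses an advisory without a comment saying why it is acceptable; neither `sourceclear` nor `safety` appears in the env matrix shown, so whether these branches are still live is not visible here.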
@@ -1 +1 @@
Greg Anderson, Aaron Weaver and Matt Tesauro.
Greg Anderson, Aaron Weaver and Matt Tesauro.
@@ -1,53 +1,28 @@
FROM ubuntu:16.04
MAINTAINER Matt Tesauro <matt.tesauro@owasp.org>
FROM ubuntu:16.04 as base
MAINTAINER Matt Tesauro <matt.tesauro@owasp.org>, Aaron Weaver <aaron.weaver@owasp.org>

# # # Create a single Docker image running DefectDojo and all dependencies
# # # Create a docker image for DefectDojo and all dependencies

# Setup database environment variables. Used to setup an external
# database, and is optional.
# Set a variable using build args.
# i.e. `docker build --build-arg DBNAME="db.foopy.com" ...`

ARG SQLHOST=""
ARG SQLPORT=""
ARG SQLUSER=""
ARG SQLPWD=""
ARG DBNAME=""

ENV SQLHOST=$SQLHOST
ENV SQLPORT=$SQLPORT
ENV SQLUSER=$SQLUSER
ENV SQLPWD=$SQLPWD
ENV DBNAME=$DBNAME

# Update and install basic requirements;
# Install mysql-server already at this place, since we want to avoid
# interactivity when creating a Docker image;
# Also: create the application user;
RUN apt-get update \
&& apt-get install -y sudo git expect wget \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y mysql-server \
&& adduser --disabled-password --gecos "DefectDojo" dojo

# Give the app user sudo permissions and switch executing user
ADD ./docker/etc/dojo_sudo /etc/sudoers.d/
USER dojo:dojo
# Create the application user;
RUN adduser --disabled-password --gecos "DefectDojo" dojo

# Add the application files and start the setup
ADD --chown=dojo:dojo . /opt/django-DefectDojo
WORKDIR /opt/django-DefectDojo
# Add the -y option to avoid interactive prompts
RUN ./setup.bash -y

# Install wkhtmltopdf
RUN wget -O /tmp/wkhtmltox.tar.xz https://github.com/wkhtmltopdf/wkhtmltopdf/releases/download/0.12.4/wkhtmltox-0.12.4_linux-generic-amd64.tar.xz \
&& tar xvfJ /tmp/wkhtmltox.tar.xz -C /tmp \
&& sudo chown root:root /tmp/wkhtmltox/bin/wkhtmltopdf \
&& sudo cp /tmp/wkhtmltox/bin/wkhtmltopdf /usr/local/bin/wkhtmltopdf
# Update and install basic requirements
RUN ./setup-docker.bash -y dependencies

# Start the DB server and rund the app
ENTRYPOINT sudo chown -R mysql:mysql /var/lib/mysql /var/run/mysqld \
&& sudo service mysql start \
&& (celery -A dojo worker -l info --concurrency 3 >> /opt/django-DefectDojo/worker.log 2>&1 &) \
&& (celery beat -A dojo -l info >> /opt/django-DefectDojo/beat.log 2>&1 &) \
&& (python manage.py runserver 0.0.0.0:8000 >> /opt/django-DefectDojo/dojo.log 2>&1)
########## Stage: dev-mysql-self-contained ##########
FROM base as dev-mysql-self-contained
RUN ./setup-docker.bash -y db -d MYSQL
# Give the app user sudo permissions and switch executing user
ADD ./docker/etc/dojo_sudo /etc/sudoers.d/
# Start DefectDojo Services
CMD entrypoint_scripts/run/startup-docker.bash

########## Stage: release ##########
FROM dev-mysql-self-contained as release
RUN ./setup-docker.bash -y release
# USER dojo
CMD gunicorn --bind 0.0.0.0:$PORT wsgi
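Review bot: The release stage leaves `# USER dojo` commented out, so `CMD gunicorn --bind 0.0.0.0:$PORT wsgi` runs as root in the image built from this stage, whereas the previous revision switched to `USER dojo:dojo` before running anything. Because release is built `FROM dev-mysql-self-contained`, it also inherits the `/etc/sudoers.d/` drop-in added by `ADD ./docker/etc/dojo_sudo /etc/sudoers.d/` in that stage, so even after restoring `USER dojo` the application user would carry whatever sudo rights that file grants; its content is not part of this diff. Suggest uncommenting `USER dojo` before the final CMD and, if the sudoers file is only needed for the self-contained MySQL startup, placing it in a stage the release image is not built from. Minor: `ADD --chown=dojo:dojo . /opt/django-DefectDojo` reads more clearly as `COPY --chown=dojo:dojo . /opt/django-DefectDojo`, since no archive extraction or URL fetch is intended.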
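--- a/MAINTAINERS.md
+++ b/MAINTAINERS.md
@@ -0,0 +1,21 @@
+## Maintainer Responsibilities
+
+* Maintainers regularly attend quarterly project meetings.
+* Volunteer for and willingly accept assignments and complete them thoroughly and on time.
+* Stay informed about project matters.
+* Prepare themselves well for meetings.
+* Build a collegial working relationship that contributes to consensus.
+* Is an active participant in the project’s annual evaluating and planning efforts.
+* Reviews pull requests within two weeks if requested.
+
+## Becoming a Maintainer
+
+New maintainers are selected by consensus from the current group of maintainers on an invite-only basis.
+
+## Current Maintainers
+
+Greg Anderson
+
+Aaron Weaver
+
+Matt Tesauro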
@@ -2,5 +2,6 @@ Please submit your pull requests to the 'dev' branch.

When submitting a pull request, please make sure you have completed the following checklist:

- [ ] Your code is flake8 compliant (Dojo's code isn't currently flake8 compliant, but we're trying to correct that)
- [ ] If this is a new feature and not a bug fix, you've included the proper documentation under the /docs folder
- [ ] Your code is flake8 compliant (DefectDojo's code isn't currently flake8 compliant, but we're trying to correct that.)
- [ ] If this is a new feature and not a bug fix, you've included the proper documentation in the ReadTheDocs documentation folder. https://github.com/DefectDojo/Documentation/tree/master/docs or provide feature documentation in the PR.
- [ ] Add applicable tests to the unit tests.
@@ -1,6 +1,6 @@
# DefectDojo [![OWASP Flagship](https://img.shields.io/badge/owasp-flagship%20project-orange.svg)](https://www.owasp.org/index.php/OWASP_DefectDojo_Project) [![GitHub release](https://img.shields.io/github/release/DefectDojo/django-DefectDojo.svg)](https://github.com/DefectDojo/django-DefectDojo) [![YouTube Subscribe](https://img.shields.io/badge/youtube-subscribe-%23c4302b.svg)](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ) ![Twitter Follow](https://img.shields.io/twitter/follow/defectdojo.svg?style=social&label=Follow)

[![Documentation Status](https://readthedocs.org/projects/defectdojo/badge/?version=latest)](https://defectdojo.readthedocs.io/en/latest/?badge=latest) [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/2098/badge)](https://bestpractices.coreinfrastructure.org/projects/2098)
[![Build Status](https://travis-ci.org/DefectDojo/django-DefectDojo.svg?branch=master)](https://travis-ci.org/DefectDojo/django-DefectDojo) [![Documentation Status](https://readthedocs.org/projects/defectdojo/badge/?version=latest)](https://defectdojo.readthedocs.io/en/latest/?badge=latest) [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/2098/badge)](https://bestpractices.coreinfrastructure.org/projects/2098)

![Screenshot of DefectDojo](https://raw.githubusercontent.com/DefectDojo/Documentation/master/doc/img/screenshot1.png)

@@ -32,8 +32,6 @@ For detailed documentation you can visit [Read the Docs](https://defectdojo.read

### [Docker](https://defectdojo.readthedocs.io/en/latest/getting-started.html#docker-local-install)

### [Ansible](https://raw.githubusercontent.com/DefectDojo/Documentation/master/ansible/prod-install)

# Getting Started

We recommend checking out the [about](https://defectdojo.readthedocs.io/en/latest/about.html) document to learn the
@@ -46,7 +44,7 @@ that should give you an idea of how to use DefectDojo for your own team.

- DefectDojo Python API: `pip install defectdojo_api` or clone the [repository](https://github.com/aaronweaver/defectdojo_api).

- Browse the API on [SwaggerHub](https://app.swaggerhub.com/apis/DefectDojo/defect-dojo_api_v_2/1.0.0). [![Swagger Status](http://online.swagger.io/validator?url=https://api.swaggerhub.com/apis/DefectDojo/defect-dojo_api_v_2/1.0.0)](https://app.swaggerhub.com/apis/DefectDojo/defect-dojo_api_v_2/1.0.0)
- Browse the API on [SwaggerHub](https://app.swaggerhub.com/apis/DefectDojo/defect-dojo_api_v_2/1.0.0). [![Swagger Status](http://online.swagger.io/validator?url=https://api.swaggerhub.com/apis/DefectDojo/defect-dojo_api_v_2/1.0.0)](https://app.swaggerhub.com/apis/DefectDojo/defect-dojo_api_v_2/1.0.0)

# Getting Involved

@@ -74,10 +72,14 @@ Realtime discussion is done in the OWASP Slack Channel, #defectdojo. [Get Access
DefectDojo is maintained by:

- [Greg Anderson](https://www.linkedin.com/in/g-anderson/)
- Aaron Weaver ([@weavera](https://twitter.com/weavera))
- Matt Tesauro ([@matt_tesauro](https://twitter.com/matt_tesauro))
- Charles Neill ([@ccneill](https://twitter.com/ccneill))
- Jay Paz ([@jjpaz](https://twitter.com/jjpaz))
- [Aaron Weaver](https://www.linkedin.com/in/aweaver/) ([@weavera](https://twitter.com/weavera))
- [Matt Tesauro](https://www.linkedin.com/in/matttesauro/) ([@matt_tesauro](https://twitter.com/matt_tesauro))


# Hall of Fame

- Charles Neill ([@ccneill](https://twitter.com/ccneill)) - Charles served as a DefectDojo Maintainer for years and wrote some of Dojo's core functionality.
- Jay Paz ([@jjpaz](https://twitter.com/jjpaz)) - Jay was a DefectDojo maintainer for years. He performed Dojo's first UI overhaul, optomized code structure/features, and added numerous enhancements.

# Contributing

This file was deleted.

@@ -18,7 +18,7 @@
"@yarn_components/fullcalendar": "fullcalendar/fullcalendar#*",
"@yarn_components/google-code-prettify": "tcollard/google-code-prettify#~1.0.4",
"@yarn_components/holderjs": "imsky/holder#~2.4.1",
"@yarn_components/jquery": "jquery/jquery-dist#~2.1.4",
"@yarn_components/jquery": "jquery/jquery-dist#~3.3.1",
"@yarn_components/jquery-cookie": "carhartl/jquery-cookie#*",
"@yarn_components/jquery-highlight": "knownasilya/jquery-highlight#*",
"@yarn_components/jquery-ui": "components/jqueryui#*",
@@ -4,7 +4,7 @@
# Django starts so that shared_task will use this app.
from .celery import app as celery_app # noqa

__version__ = '1.5.2'
__version__ = '1.5.4'
__url__ = 'https://github.com/DefectDojo/django-DefectDojo'
__docs__ = 'http://defectdojo.readthedocs.io/'
__demo__ = 'http://defectdojo.pythonanywhere.com/'
