Skip to content
Permalink
Browse files

Updated notifications, reworked findings, product and engagement views

  • Loading branch information...
aaronweaver committed May 18, 2018
1 parent 5d02a74 commit fe914dada61006153e5182af393d162a922f41e4

Large diffs are not rendered by default.

@@ -6,6 +6,8 @@
# findings
url(r'^finding$', views.open_findings,
name='findings'),
url(r'^finding/bulk$', views.finding_bulk_update_all,
name='findings_bulk_all'),
url(r'^finding/open$', views.open_findings,
name='open_findings'),
url(r'^finding/closed$', views.closed_findings,

Large diffs are not rendered by default.

This file was deleted.

This file was deleted.

This file was deleted.

@@ -12,17 +12,13 @@
from django.utils.dates import MONTHS
from django.utils.safestring import mark_safe
from django.utils import timezone
from tagging.forms import TagField
from tagging.models import Tag

from dojo import settings
from dojo.models import Finding, Product_Type, Product, ScanSettings, VA, \
Check_List, User, Engagement, Test, Test_Type, Notes, Risk_Acceptance, \
Development_Environment, Dojo_User, Scan, Endpoint, Stub_Finding, Finding_Template, Report, FindingImage, \
JIRA_Issue, JIRA_PKey, JIRA_Conf, UserContactInfo, Tool_Type, Tool_Configuration, Tool_Product_Settings, \
Cred_User, Cred_Mapping, System_Settings, Notifications, Languages, Language_Type, App_Analysis, Objects, \
Benchmark_Product, Benchmark_Requirement, Benchmark_Product_Summary
from dojo.utils import get_system_setting

RE_DATE = re.compile(r'(\d{4})-(\d\d?)-(\d\d?)$')

@@ -106,7 +102,7 @@ def render(self, name, value, attrs=None):
if not (self.required and value):
month_choices.append(self.none_value)
month_choices.sort()
local_attrs = self.build_attrs({'id':self.month_field % id_})
local_attrs = self.build_attrs({'id': self.month_field % id_})
s = Select(choices=month_choices)
select_html = s.render(self.month_field % name, month_val, local_attrs)

@@ -194,7 +190,7 @@ class Meta:
model = Product
exclude = ['name', 'description', 'prod_manager', 'tech_contact', 'manager', 'created',
'prod_type', 'updated', 'tid', 'authorized_users', 'product_manager',
'technical_contact', 'team_manager']
'technical_contact', 'team_manager', 'prod_numeric_grade']


class ProductMetaDataForm(forms.ModelForm):
@@ -227,19 +223,28 @@ class Meta:


class ImportScanForm(forms.Form):
SCAN_TYPE_CHOICES = (("", "Please Select a Scan Type"),("Burp Scan", "Burp Scan"), ("Nessus Scan", "Nessus Scan"), ("Nmap Scan", "Nmap Scan"),
SCAN_TYPE_CHOICES = (("", "Please Select a Scan Type"),
("Burp Scan", "Burp Scan"),
("Nessus Scan", "Nessus Scan"),
("Nmap Scan", "Nmap Scan"),
("Nexpose Scan", "Nexpose Scan"),
("AppSpider Scan", "AppSpider Scan"), ("Veracode Scan", "Veracode Scan"),
("Checkmarx Scan", "Checkmarx Scan"), ("ZAP Scan", "ZAP Scan"),
("Arachni Scan", "Arachni Scan"), ("VCG Scan", "VCG Scan"),
("Dependency Check Scan", "Dependency Check Scan"), ("Retire.js Scan", "Retire.js Scan"),
("AppSpider Scan", "AppSpider Scan"),
("Veracode Scan", "Veracode Scan"),
("Checkmarx Scan", "Checkmarx Scan"),
("ZAP Scan", "ZAP Scan"),
("Arachni Scan", "Arachni Scan"),
("VCG Scan", "VCG Scan"),
("Dependency Check Scan", "Dependency Check Scan"),
("Retire.js Scan", "Retire.js Scan"),
("Node Security Platform Scan", "Node Security Platform Scan"),
("Qualys Scan", "Qualys Scan"),
("Qualys Webapp Scan", "Qualys Webapp Scan"),
("OpenVAS CSV", "OpenVAS CSV"),
("Snyk Scan", "Snyk Scan"),
("Generic Findings Import", "Generic Findings Import"),
("SKF Scan", "SKF Scan"), ("Bandit Scan", "Bandit Scan"), ("SSL Labs Scan", "SSL Labs Scan"))
("SKF Scan", "SKF Scan"),
("Bandit Scan", "Bandit Scan"),
("SSL Labs Scan", "SSL Labs Scan"))
SORTED_SCAN_TYPE_CHOICES = sorted(SCAN_TYPE_CHOICES, key=lambda x: x[1])

scan_date = forms.DateTimeField(
@@ -457,18 +462,28 @@ class EngForm(forms.ModelForm):
"listings.")
description = forms.CharField(widget=forms.Textarea(attrs={}),
required=False)
tags = forms.CharField(widget=forms.SelectMultiple(choices=[]),
required=False,
help_text="Add tags that help describe this engagement. "
"Choose from the list or add new tags. Press TAB key to add.")
target_start = forms.DateField(widget=forms.TextInput(
attrs={'class': 'datepicker'}))
target_end = forms.DateField(widget=forms.TextInput(
attrs={'class': 'datepicker'}))
threat_model = forms.BooleanField(required=False)
api_test = forms.BooleanField(required=False, label='API Test')
pen_test = forms.BooleanField(required=False)
# threat_model = forms.BooleanField(required=False)
# api_test = forms.BooleanField(required=False, label='API Test')
# pen_test = forms.BooleanField(required=False)
lead = forms.ModelChoiceField(
queryset=User.objects.exclude(is_staff=False),
required=True, label="Testing Lead")
test_strategy = forms.URLField(required=False, label="Test Strategy URL")

def __init__(self, *args, **kwargs):
tags = Tag.objects.usage_for_model(Engagement)
t = [(tag.name, tag.name) for tag in tags]
super(EngForm, self).__init__(*args, **kwargs)
self.fields['tags'].widget.choices = t

def is_valid(self):
valid = super(EngForm, self).is_valid()

@@ -485,7 +500,7 @@ class Meta:
model = Engagement
exclude = ('first_contacted', 'version', 'eng_type', 'real_start',
'real_end', 'requester', 'reason', 'updated', 'report_type',
'product')
'product', 'threat_model', 'api_test', 'pen_test', 'check_list')


class EngForm2(forms.ModelForm):
@@ -545,7 +560,7 @@ class Meta:
exclude = ['name', 'version', 'eng_type', 'first_contacted', 'target_start',
'target_end', 'lead', 'requester', 'reason', 'report_type',
'product', 'test_strategy', 'threat_model', 'api_test', 'pen_test',
'check_list', 'status']
'check_list', 'status', 'description']


class TestForm(forms.ModelForm):
@@ -614,8 +629,7 @@ class AddFindingForm(forms.ModelForm):
def clean(self):
# self.fields['endpoints'].queryset = Endpoint.objects.all()
cleaned_data = super(AddFindingForm, self).clean()
if ((cleaned_data['active'] or cleaned_data['verified'])
and cleaned_data['duplicate']):
if ((cleaned_data['active'] or cleaned_data['verified']) and cleaned_data['duplicate']):
raise forms.ValidationError('Duplicate findings cannot be'
' verified or active')
if cleaned_data['false_p'] and cleaned_data['verified']:
@@ -653,8 +667,7 @@ class AdHocFindingForm(forms.ModelForm):
def clean(self):
# self.fields['endpoints'].queryset = Endpoint.objects.all()
cleaned_data = super(AdHocFindingForm, self).clean()
if ((cleaned_data['active'] or cleaned_data['verified'])
and cleaned_data['duplicate']):
if ((cleaned_data['active'] or cleaned_data['verified']) and cleaned_data['duplicate']):
raise forms.ValidationError('Duplicate findings cannot be'
' verified or active')
if cleaned_data['false_p'] and cleaned_data['verified']:
@@ -767,12 +780,7 @@ class ApplyFindingTemplateForm(forms.Form):

cwe = forms.IntegerField(label="CWE", required=False)

severity = forms.ChoiceField(
required=False,
choices=SEVERITY_CHOICES,
error_messages={
'required': 'Select valid choice: In Progress, On Hold, Completed',
'invalid_choice': 'Select valid choice: Critical,High,Medium,Low'})
severity = forms.ChoiceField(required=False, choices=SEVERITY_CHOICES, error_messages={'required': 'Select valid choice: In Progress, On Hold, Completed', 'invalid_choice': 'Select valid choice: Critical,High,Medium,Low'})

description = forms.CharField(widget=forms.Textarea)
mitigation = forms.CharField(widget=forms.Textarea)
@@ -795,8 +803,10 @@ def clean(self):
return cleaned_data

class Meta:
fields = ['title', 'cwe', 'severity', 'description', 'mitigation', 'impact', 'references']
fields = ['title', 'cwe', 'severity', 'description', 'mitigation', 'impact', 'references']
order = ('title', 'cwe', 'severity', 'description', 'impact')


class FindingTemplateForm(forms.ModelForm):
title = forms.CharField(max_length=1000, required=True)
tags = forms.CharField(widget=forms.SelectMultiple(choices=[]),
@@ -1280,7 +1290,7 @@ class ReportOptionsForm(forms.Form):
include_finding_images = forms.ChoiceField(choices=yes_no, label="Finding Images")
include_executive_summary = forms.ChoiceField(choices=yes_no, label="Executive Summary")
include_table_of_contents = forms.ChoiceField(choices=yes_no, label="Table of Contents")
report_type = forms.ChoiceField(choices=(('AsciiDoc', 'AsciiDoc'),('HTML', 'HTML'), ('PDF', 'PDF')))
report_type = forms.ChoiceField(choices=(('AsciiDoc', 'AsciiDoc'), ('HTML', 'HTML'), ('PDF', 'PDF')))


class CustomReportOptionsForm(forms.Form):
@@ -1299,6 +1309,7 @@ class Meta:
model = Report
fields = ('id',)


class DeleteFindingForm(forms.ModelForm):
id = forms.IntegerField(required=True,
widget=forms.widgets.HiddenInput())
@@ -1307,6 +1318,7 @@ class Meta:
model = Finding
fields = ('id',)


class DeleteStubFindingForm(forms.ModelForm):
id = forms.IntegerField(required=True,
widget=forms.widgets.HiddenInput())
@@ -1315,6 +1327,7 @@ class Meta:
model = Stub_Finding
fields = ('id',)


class AddFindingImageForm(forms.ModelForm):
class Meta:
model = FindingImage
@@ -1323,25 +1336,29 @@ class Meta:

FindingImageFormSet = modelformset_factory(FindingImage, extra=3, max_num=10, exclude=[''], can_delete=True)


class JIRA_IssueForm(forms.ModelForm):

class Meta:
model = JIRA_Issue
exclude = ['product']


class JIRAForm(forms.ModelForm):
password = forms.CharField(widget=forms.PasswordInput, required=True)

class Meta:
model = JIRA_Conf
exclude = ['product']


class Benchmark_Product_SummaryForm(forms.ModelForm):

class Meta:
model = Benchmark_Product_Summary
exclude = ['product', 'current_level', 'benchmark_type', 'asvs_level_1_benchmark', 'asvs_level_1_score', 'asvs_level_2_benchmark', 'asvs_level_2_score', 'asvs_level_3_benchmark', 'asvs_level_3_score']


class DeleteBenchmarkForm(forms.ModelForm):
id = forms.IntegerField(required=True,
widget=forms.widgets.HiddenInput())
@@ -1350,12 +1367,14 @@ class Meta:
model = Benchmark_Product_Summary
exclude = ['product', 'benchmark_type', 'desired_level', 'current_level', 'asvs_level_1_benchmark', 'asvs_level_1_score', 'asvs_level_2_benchmark', 'asvs_level_2_score', 'asvs_level_3_benchmark', 'asvs_level_3_score', 'publish']


class JIRA_PKeyForm(forms.ModelForm):

class Meta:
model = JIRA_PKey
exclude = ['product']


class DeleteJIRAConfForm(forms.ModelForm):
id = forms.IntegerField(required=True,
widget=forms.widgets.HiddenInput())
@@ -1370,24 +1389,29 @@ class Meta:
model = Tool_Type
exclude = ['product']


class LanguagesTypeForm(forms.ModelForm):
class Meta:
model = Languages
exclude = ['product']


class Languages_TypeTypeForm(forms.ModelForm):
class Meta:
model = Language_Type
exclude = ['product']


class App_AnalysisTypeForm(forms.ModelForm):
class Meta:
model = App_Analysis
exclude = ['product']


class ToolConfigForm(forms.ModelForm):
tool_type = forms.ModelChoiceField(queryset=Tool_Type.objects.all(), label='Tool Type')
ssh = forms.CharField(widget=forms.Textarea(attrs={}), required=False, label='SSH Key')

class Meta:
model = Tool_Configuration
exclude = ['product']
@@ -1397,7 +1421,7 @@ def clean(self):
form_data = self.cleaned_data

try:
url_validator = URLValidator(schemes=['ssh','http', 'https'])
url_validator = URLValidator(schemes=['ssh', 'http', 'https'])
url_validator(form_data["url"])
except forms.ValidationError:
raise forms.ValidationError(
@@ -1406,6 +1430,7 @@ def clean(self):

return form_data


class DeleteObjectsSettingsForm(forms.ModelForm):
id = forms.IntegerField(required=True,
widget=forms.widgets.HiddenInput())
@@ -1414,6 +1439,7 @@ class Meta:
model = Objects
exclude = ['tool_type']


class DeleteToolProductSettingsForm(forms.ModelForm):
id = forms.IntegerField(required=True,
widget=forms.widgets.HiddenInput())
@@ -1437,7 +1463,7 @@ def clean(self):
form_data = self.cleaned_data

try:
url_validator = URLValidator(schemes=['ssh','http', 'https'])
url_validator = URLValidator(schemes=['ssh', 'http', 'https'])
url_validator(form_data["url"])
except forms.ValidationError:
raise forms.ValidationError(
@@ -1446,6 +1472,7 @@ def clean(self):

return form_data


class ObjectSettingsForm(forms.ModelForm):

tags = forms.CharField(widget=forms.SelectMultiple(choices=[]),
@@ -1492,24 +1519,28 @@ class Meta:
model = System_Settings
exclude = ['product_grade']


class BenchmarkForm(forms.ModelForm):

class Meta:
model = Benchmark_Product
exclude = ['product', 'control']


class Benchmark_RequirementForm(forms.ModelForm):

class Meta:
model = Benchmark_Requirement
exclude = ['']


class NotificationsForm(forms.ModelForm):

class Meta:
model = Notifications
exclude = ['']


class CredUserForm(forms.ModelForm):
# selenium_script = forms.FileField(widget=forms.widgets.FileInput(
# attrs={"accept": ".py"}),
@@ -1266,6 +1266,7 @@ class JIRA_PKey(models.Model):


class Notifications(models.Model):
product_added = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True)
engagement_added = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True)
test_added = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True)
results_added = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True)

0 comments on commit fe914da

Please sign in to comment.
You can’t perform that action at this time.