Merge pull request #520 from aaronweaver/master

Tracking file on source code commits.

Author: devGregA

docs/upgrading.rst

@@ -134,7 +134,7 @@ Upgrading to 1.2.2 requires:
 
 2. If you have supervisor scripts change DJANGO_SETTINGS_MODULE=dojo.settings.settings
 
-Upgrading to DefectDojo Version 1.2.2
+Upgrading to DefectDojo Version 1.2.3
 ------------------------------------
 
 Upgrading to 1.2.3 requires:
@@ -144,3 +144,13 @@ Upgrading to 1.2.3 requires:
     ./manage.py loaddata dojo/fixtures/language_type.json
 
 2. Currently languages and technologies can be updated via the API or in the admin section of Django.
+
+Upgrading to DefectDojo Version 1.2.4
+------------------------------------
+
+Upgrading to 1.2.4 requires:
+
+1.  ./manage.py makemigrations
+    ./manage.py migrate
+    ./manage.py loaddata dojo/fixtures/test_type.json
+    ./manage.py loaddata dojo/fixtures/objects_review.json

dojo/__init__.py

@@ -4,7 +4,7 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa
 
-__version__ = '1.2.3'
-__url__ = 'https://github.com/OWASP/django-DefectDojo'
+__version__ = '1.2.4'
+__url__ = 'https://github.com/DefectDojo/django-DefectDojo'
 __docs__ = 'http://defectdojo.readthedocs.io/'
 __demo__ = 'http://defectdojo.pythonanywhere.com/'

dojo/api.py

@@ -32,6 +32,7 @@
 from dojo.tools.factory import import_parser_factory
 from dojo.utils import get_system_setting
 from datetime import datetime
+from object.parser import import_object_eng
 
 """
     Setup logging for the api
@@ -1189,6 +1190,38 @@ def is_valid(self, bundle, request=None):
 
         return errors
 
+class BuildDetails(MultipartResource, Resource):
+    file = fields.FileField(attribute='file')
+    engagement = fields.CharField(attribute='engagement')
+
+    class Meta:
+        resource_name = 'build_details'
+        fields = ['engagement', 'file']
+        list_allowed_methods = ['post']
+        detail_allowed_methods = []
+        include_resource_uri = True
+
+        authentication = DojoApiKeyAuthentication()
+        authorization = DjangoAuthorization()
+        #validation = ImportScanValidation()
+        #object_class = ImportScanObject
+
+    def hydrate(self, bundle):
+        bundle.obj.__setattr__('engagement_obj',
+                               Engagement.objects.get(id=get_pk_from_uri(bundle.data['engagement'])))
+
+        return bundle
+
+    def obj_create(self, bundle, **kwargs):
+        bundle.obj = ImportScanObject(initial=kwargs)
+        self.is_valid(bundle)
+        if bundle.errors:
+            raise ImmediateHttpResponse(response=self.error_response(bundle.request, bundle.errors))
+
+        bundle = self.full_hydrate(bundle)
+
+        import_object_eng(bundle.request, bundle.obj.__getattr__('engagement_obj'), bundle.data['file'])
+
 class ImportScanResource(MultipartResource, Resource):
     scan_date = fields.DateTimeField(attribute='scan_date')
     minimum_severity = fields.CharField(attribute='minimum_severity')

dojo/celery.py

@@ -19,4 +19,3 @@
 @app.task(bind=True)
 def debug_task(self):
     print('Request: {0!r}'.format(self.request))
-

dojo/dojo.celery.beat.db.db

@@ -0,0 +1 @@
+[{"model": "dojo.objects_review", "pk": 1, "fields": {"name": "Untracked", "created": "2018-03-16T15:21:36.057Z"}}, {"model": "dojo.objects_review", "pk": 2, "fields": {"name": "Manual Code Review Required", "created": "2018-03-17T14:21:58.541Z"}}, {"model": "dojo.objects_review", "pk": 3, "fields": {"name": "Manual Code Review and Create Test", "created": "2018-03-20T20:50:31.509Z"}}]

dojo/fixtures/objects_review.json

@@ -89,5 +89,110 @@
     },
     "model": "dojo.test_type",
     "pk": 13
+  },
+  {
+    "fields": {
+      "name": "Bandit Scan"
+    },
+    "model": "dojo.test_type",
+    "pk": 14
+  },
+  {
+    "fields": {
+      "name": "SSL Labs Scan"
+    },
+    "model": "dojo.test_type",
+    "pk": 15
+  },
+  {
+    "fields": {
+      "name": "AppSpider Scan"
+    },
+    "model": "dojo.test_type",
+    "pk": 16
+  },
+  {
+    "fields": {
+      "name": "Arachni Scan"
+    },
+    "model": "dojo.test_type",
+    "pk": 17
+  },
+  {
+    "fields": {
+      "name": "Dependency Check Scan"
+    },
+    "model": "dojo.test_type",
+    "pk": 17
+  },
+  {
+    "fields": {
+      "name": "Generic Findings Import"
+    },
+    "model": "dojo.test_type",
+    "pk": 18
+  },
+  {
+    "fields": {
+      "name": "Nmap Scan"
+    },
+    "model": "dojo.test_type",
+    "pk": 19
+  },
+  {
+    "fields": {
+      "name": "Node Security Platform Scan"
+    },
+    "model": "dojo.test_type",
+    "pk": 20
+  },
+  {
+    "fields": {
+      "name": "Qualys Scan"
+    },
+    "model": "dojo.test_type",
+    "pk": 21
+  },
+  {
+    "fields": {
+      "name": "Qualys Web App Scan"
+    },
+    "model": "dojo.test_type",
+    "pk": 22
+  },
+  {
+    "fields": {
+      "name": "Retire.js Scan"
+    },
+    "model": "dojo.test_type",
+    "pk": 23
+  },
+  {
+    "fields": {
+      "name": "SKF Scan"
+    },
+    "model": "dojo.test_type",
+    "pk": 24
+  },
+  {
+    "fields": {
+      "name": "Snyk Scan"
+    },
+    "model": "dojo.test_type",
+    "pk": 25
+  },
+  {
+    "fields": {
+      "name": "VCG Scan"
+    },
+    "model": "dojo.test_type",
+    "pk": 26
+  },
+  {
+    "fields": {
+      "name": "Manual Code Review"
+    },
+    "model": "dojo.test_type",
+    "pk": 27
   }
 ]

dojo/fixtures/test_type.json

@@ -20,7 +20,7 @@
     Check_List, User, Engagement, Test, Test_Type, Notes, Risk_Acceptance, \
     Development_Environment, Dojo_User, Scan, Endpoint, Stub_Finding, Finding_Template, Report, FindingImage, \
     JIRA_Issue, JIRA_PKey, JIRA_Conf, UserContactInfo, Tool_Type, Tool_Configuration, Tool_Product_Settings, \
-    Cred_User, Cred_Mapping, System_Settings, Notifications, Languages, Language_Type, App_Analysis
+    Cred_User, Cred_Mapping, System_Settings, Notifications, Languages, Language_Type, App_Analysis, Objects
 from dojo.utils import get_system_setting
 
 RE_DATE = re.compile(r'(\d{4})-(\d\d?)-(\d\d?)$')
@@ -1345,6 +1345,13 @@ def clean(self):
 
         return form_data
 
+class DeleteObjectsSettingsForm(forms.ModelForm):
+    id = forms.IntegerField(required=True,
+                            widget=forms.widgets.HiddenInput())
+
+    class Meta:
+        model = Objects
+        exclude = ['tool_type']
 
 class DeleteToolProductSettingsForm(forms.ModelForm):
     id = forms.IntegerField(required=True,
@@ -1378,6 +1385,28 @@ def clean(self):
 
         return form_data
 
+class ObjectSettingsForm(forms.ModelForm):
+
+    tags = forms.CharField(widget=forms.SelectMultiple(choices=[]),
+                           required=False,
+                           help_text="Add tags that help describe this object.  "
+                                     "Choose from the list or add new tags.  Press TAB key to add.")
+
+    class Meta:
+        model = Objects
+        fields = ['path', 'folder', 'artifact', 'name', 'review_status']
+        exclude = ['product']
+
+    def __init__(self, *args, **kwargs):
+        tags = Tag.objects.usage_for_model(Objects)
+        t = [(tag.name, tag.name) for tag in tags]
+        super(ObjectSettingsForm, self).__init__(*args, **kwargs)
+        self.fields['tags'].widget.choices = t
+
+    def clean(self):
+        form_data = self.cleaned_data
+
+        return form_data
 
 
 class CredMappingForm(forms.ModelForm):

dojo/forms.py

@@ -1195,22 +1195,15 @@ class JIRA_PKey(models.Model):
 
 
 class Notifications(models.Model):
-    engagement_added = MultiSelectField(choices=NOTIFICATION_CHOICES,
-                                        default='alert', blank=True)
-    test_added = MultiSelectField(choices=NOTIFICATION_CHOICES,
-                                  default='alert', blank=True)
-    results_added = MultiSelectField(choices=NOTIFICATION_CHOICES,
-                                     default='alert', blank=True)
-    report_created = MultiSelectField(choices=NOTIFICATION_CHOICES,
-                                      default='alert', blank=True)
-    jira_update = MultiSelectField(choices=NOTIFICATION_CHOICES,
-                                   default='alert', blank=True)
-    upcoming_engagement = MultiSelectField(choices=NOTIFICATION_CHOICES,
-                                           default='alert', blank=True)
-    user_mentioned = MultiSelectField(choices=NOTIFICATION_CHOICES,
-                                      default='alert', blank=True)
-    other = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert',
-                             blank=True)
+    engagement_added = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True)
+    test_added = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True)
+    results_added = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True)
+    report_created = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True)
+    jira_update = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True)
+    upcoming_engagement = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True)
+    user_mentioned = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True)
+    code_review = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True)
+    other = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True)
     user = models.ForeignKey(User, default=None, null=True, editable=False)
 
 
@@ -1359,7 +1352,7 @@ class App_Analysis(models.Model):
     user = models.ForeignKey(User, editable=True)
     confidence = models.IntegerField(blank=True, null=True, verbose_name='Confidence level')
     version = models.CharField(max_length=200, null=True, blank=True, verbose_name='Version Number')
-    icon = models.CharField(max_length=200, null=True, blank=True,)
+    icon = models.CharField(max_length=200, null=True, blank=True)
     website = models.URLField(max_length=400, null=True, blank=True)
     website_found = models.URLField(max_length=400, null=True, blank=True)
     created = models.DateTimeField(null=False, editable=False, default=now)
@@ -1368,17 +1361,51 @@ class Objects_Review(models.Model):
     name = models.CharField(max_length=100, null=True)
     created = models.DateTimeField(null=False, editable=False, default=now)
 
+    def __unicode__(self):
+        return self.name
+
 class Objects(models.Model):
-    engagement = models.ForeignKey(Engagement)
-    name = models.CharField(max_length=100, null=True)
-    path = models.CharField(max_length=600, null=False)
+    product = models.ForeignKey(Product)
+    name = models.CharField(max_length=100, null=True, blank=True)
+    path = models.CharField(max_length=600, verbose_name='Full file path', null=True, blank=True)
+    folder = models.CharField(max_length=400, verbose_name='Folder', null=True, blank=True)
+    artifact = models.CharField(max_length=400, verbose_name='Artifact', null=True, blank=True)
     review_status = models.ForeignKey(Objects_Review)
     created = models.DateTimeField(null=False, editable=False, default=now)
 
+    def __unicode__(self):
+        name = None
+        if self.path != None:
+            name = self.path
+        elif self.folder != None:
+            name = self.folder
+        elif self.artifact != None:
+            name = self.artifact
+
+        return name
+
+    class Meta:
+        unique_together = [('product', 'path')]
+
 class Objects_Engagement(models.Model):
     engagement = models.ForeignKey(Engagement)
-    object = models.ForeignKey(Objects)
+    object_id = models.ForeignKey(Objects)
+    build_id = models.CharField(max_length=150, null=True)
     created = models.DateTimeField(null=False, editable=False, default=now)
+    full_url = models.URLField(max_length=400, null=True, blank=True)
+    type = models.CharField(max_length=30, null=True)
+    percentUnchanged = models.CharField(max_length=10, null=True)
+
+    def __unicode__(self):
+        data = ""
+        if self.object_id.path:
+            data = self.object_id.path
+        elif self.object_id.folder:
+            data = self.object_id.folder
+        elif self.object_id.artifact:
+            data = self.object_id.artifact
+
+        return data + " | " + self.engagement.name + " | " + str(self.engagement.id)
 
 # Register for automatic logging to database
 auditlog.register(Dojo_User)