Merge pull request #533 from aaronweaver/master

Grading for Products

Author: devGregA

README.md

@@ -35,12 +35,6 @@ You can also log in as a product owner / non-staff user:
 
 For additional documentation you can visit our [Read the Docs site](https://defectdojo.readthedocs.io/).
 
-# One-Click Installations
-
-Deploy to Docker Cloud. (__Login first to Docker Cloud before clicking the install button.__)
-
-[![Deploy to Docker Cloud](https://files.cloud.docker.com/images/deploy-to-dockercloud.svg)](https://cloud.docker.com/stack/deploy/?repo=https://github.com/aaronweaver/docker-DefectDojo)
-
 # Installation Options
 
 ### [Debian, Ubuntu (16.04.2+) or RHEL-based Install Script](https://defectdojo.readthedocs.io/en/latest/getting-started.html#install-script)

docs/upgrading.rst

@@ -153,3 +153,20 @@ Upgrading to 1.2.4 requires:
 1.  ./manage.py makemigrations
     ./manage.py migrate
     ./manage.py loaddata dojo/fixtures/objects_review.json
+
+
+Upgrading to DefectDojo Version 1.2.8
+------------------------------------
+
+New feature: Product Grading (Overall Product Health)
+Upgrading to 1.2.8 requires:
+
+1.  ./manage.py makemigrations
+    ./manage.py migrate
+    ./manage.py system_settings
+
+2. ./manage.py collectstatic --noinput
+
+3. pip install asteval
+
+4. Complete

dojo/__init__.py

@@ -4,7 +4,7 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa
 
-__version__ = '1.2.5'
+__version__ = '1.2.8'
 __url__ = 'https://github.com/DefectDojo/django-DefectDojo'
 __docs__ = 'http://defectdojo.readthedocs.io/'
 __demo__ = 'http://defectdojo.pythonanywhere.com/'

dojo/fixtures/system_settings.json

@@ -7,7 +7,13 @@
     "enable_jira": false,
     "s_finding_severity_naming": false,
     "url_prefix": "",
-    "time_zone": "UTC"
+    "time_zone": "UTC",
+    "product_grade": "def grade_product(crit, high, med, low):\r\n    health=100\r\n    if crit > 0:\r\n        health = 40\r\n        health = health - ((crit - 1) * 5)\r\n    if high > 0:\r\n        if health == 100:\r\n            health = 60\r\n        health = health - ((high - 1) * 3)\r\n    if med > 0:\r\n        if health == 100:\r\n            health = 80\r\n        health = health - ((med - 1) * 2)\r\n    if low > 0:\r\n        if health == 100:\r\n            health = 95\r\n        health = health - low\r\n\r\n    if health < 5:\r\n        health = 5\r\n\r\n    return health",
+    "product_grade_a": 90,
+    "product_grade_b": 80,
+    "product_grade_c": 70,
+    "product_grade_d": 60,
+    "product_grade_f": 59
   }
 }
 ]

dojo/forms.py

@@ -1249,7 +1249,7 @@ class Meta:
 class UserContactInfoForm(forms.ModelForm):
     class Meta:
         model = UserContactInfo
-        exclude = ['user']
+        exclude = ['user', 'slack_user_id']
 
 
 def get_years():
@@ -1466,7 +1466,7 @@ class Meta:
 class SystemSettingsForm(forms.ModelForm):
     class Meta:
         model = System_Settings
-        exclude = ['']
+        exclude = ['product_grade']
 
 class NotificationsForm(forms.ModelForm):
 

dojo/management/commands/system_settings.py

@@ -0,0 +1,33 @@
+from django.core.management.base import BaseCommand
+from dojo.models import System_Settings
+
+class Command(BaseCommand):
+    help = 'Updates product grade calculation'
+
+    def handle(self, *args, **options):
+        code = """def grade_product(crit, high, med, low):
+            health=100
+            if crit > 0:
+                health = 40
+                health = health - ((crit - 1) * 5)
+            if high > 0:
+                if health == 100:
+                    health = 60
+                health = health - ((high - 1) * 3)
+            if med > 0:
+                if health == 100:
+                    health = 80
+                health = health - ((med - 1) * 2)
+            if low > 0:
+                if health == 100:
+                    health = 95
+                health = health - low
+
+            if health < 5:
+                health = 5
+
+            return health
+            """
+        system_settings = System_Settings.objects.get(id=1)
+        system_settings.product_grade = code
+        system_settings.save()

dojo/models.py

@@ -19,7 +19,7 @@
 from django.core.urlresolvers import reverse
 from django.core.validators import RegexValidator
 from django.db import models
-from django.db.models import Q
+from django.db.models import Q, Count
 from django.utils.timezone import now
 from imagekit.models import ImageSpecField
 from imagekit.processors import ResizeToCover
@@ -28,7 +28,7 @@
 from tagging.registry import register as tag_register
 from multiselectfield import MultiSelectField
 import hashlib
-
+from django import forms
 
 class System_Settings(models.Model):
     enable_deduplication = models.BooleanField(
@@ -99,13 +99,29 @@ class System_Settings(models.Model):
                                       'be displayed.')
     false_positive_history = models.BooleanField(default=False)
 
-    url_prefix = models.CharField(max_length=300, default='', blank=True)
+    url_prefix = models.CharField(max_length=300, default='', blank=True, help_text="URL prefix if DefectDojo is installed in it's own virtual subdirectory.")
     team_name = models.CharField(max_length=100, default='', blank=True)
     time_zone = models.CharField(max_length=50,
                                  choices=[(tz, tz) for tz in all_timezones],
                                  default='UTC', blank=False)
-    display_endpoint_uri = models.BooleanField(default=False)
+    display_endpoint_uri = models.BooleanField(default=False, verbose_name="Display Endpoint Full URI", help_text="Displays the full endpoint URI in the endpoint view.")
+    enable_product_grade = models.BooleanField(default=False, verbose_name="Enable Product Grading", help_text="Displays a grade letter next to a product to show the overall health.")
+    product_grade = models.CharField(max_length=800, blank=True)
+    product_grade_a = models.IntegerField(default=90, verbose_name="Grade A", help_text="Percentage score for an 'A' >=")
+    product_grade_b = models.IntegerField(default=80, verbose_name="Grade B", help_text="Percentage score for a 'B' >=")
+    product_grade_c = models.IntegerField(default=70, verbose_name="Grade C", help_text="Percentage score for a 'C' >=")
+    product_grade_d = models.IntegerField(default=60, verbose_name="Grade D", help_text="Percentage score for a 'D' >=")
+    product_grade_f = models.IntegerField(default=59, verbose_name="Grade F", help_text="Percentage score for an 'F' <=")
+
+class SystemSettingsFormAdmin(forms.ModelForm):
+    product_grade = forms.CharField( widget=forms.Textarea )
+    class Meta:
+        model = System_Settings
+        fields = ['product_grade']
 
+class System_SettingsAdmin(admin.ModelAdmin):
+    form = SystemSettingsFormAdmin
+    fields = ('product_grade',)
 
 def get_current_date():
     return timezone.now().date()
@@ -152,9 +168,10 @@ class UserContactInfo(models.Model):
                                              "Up to 15 digits allowed.")
     twitter_username = models.CharField(blank=True, null=True, max_length=150)
     github_username = models.CharField(blank=True, null=True, max_length=150)
-    slack_username = models.CharField(blank=True, null=True, max_length=150)
+    slack_username = models.CharField(blank=True, null=True, max_length=150, help_text="Email address associated with your slack account", verbose_name="Slack Email Address")
+    slack_user_id = models.CharField(blank=True, null=True, max_length=25)
     hipchat_username = models.CharField(blank=True, null=True, max_length=150)
-    block_execution = models.BooleanField(default=False)
+    block_execution = models.BooleanField(default=False, help_text="Instead of async deduping a finding the findings will be deduped synchronously and will 'block' the user until completion.")
 
 
 class Contact(models.Model):
@@ -260,8 +277,8 @@ class Product(models.Model):
     They remain in model for backwards compatibility and will be removed
     in a future release.  prod_manager, tech_contact, manager
 
-    The admin script migrate_product_contacts should be used to migrate data 
-    from these fields to their replacements.  
+    The admin script migrate_product_contacts should be used to migrate data
+    from these fields to their replacements.
     ./manage.py migrate_product_contacts
     '''
     prod_manager = models.CharField(default=0, max_length=200)  # unused
@@ -281,6 +298,7 @@ class Product(models.Model):
     updated = models.DateTimeField(editable=False, null=True, blank=True)
     tid = models.IntegerField(default=0, editable=False)
     authorized_users = models.ManyToManyField(User, blank=True)
+    prod_numeric_grade = models.IntegerField(null=True, blank=True)
 
     def __unicode__(self):
         return self.name
@@ -838,6 +856,10 @@ def save(self, dedupe_option=True, *args, **kwargs):
         else:
             self.dyanmic_finding = True
         self.found_by.add(self.test.test_type)
+
+        from dojo.utils import calculate_grade
+        calculate_grade(self.test.engagement.product)
+
         super(Finding, self).save(*args, **kwargs)
         if (dedupe_option):
             system_settings = System_Settings.objects.get()
@@ -861,6 +883,11 @@ def save(self, dedupe_option=True, *args, **kwargs):
                 else:
                     async_false_history.delay(self, *args, **kwargs)
 
+    def delete(self, *args, **kwargs):
+        super(Finding, self).delete(*args, **kwargs)
+        from dojo.utils import calculate_grade
+        calculate_grade(self.test.engagement.product)
+
     def clean(self):
         no_check = ["test", "reporter"]
         bigfields = ["description", "mitigation", "references", "impact",
@@ -1203,6 +1230,7 @@ class Notifications(models.Model):
     upcoming_engagement = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True)
     user_mentioned = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True)
     code_review = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True)
+    review_requested = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True)
     other = MultiSelectField(choices=NOTIFICATION_CHOICES, default='alert', blank=True)
     user = models.ForeignKey(User, default=None, null=True, editable=False)
 
@@ -1462,7 +1490,8 @@ def __unicode__(self):
 admin.site.register(Tool_Type)
 admin.site.register(Cred_User)
 admin.site.register(Cred_Mapping)
-admin.site.register(System_Settings)
+admin.site.register(System_Settings, System_SettingsAdmin)
+
 
 watson.register(Product)
 watson.register(Test)

dojo/static/dojo/css/dojo.css

@@ -1130,6 +1130,30 @@ hr.report-page-break:before {
     text-decoration: none;
 }
 
+.btn-grade {
+    border-radius: 2px;
+    border-color: #ddd;
+    color: #ffffff;
+    padding: 1px 1px 1px 1px;
+    text-decoration: none;
+}
+
+.A {
+    background: #4ec83d;
+}
+.B {
+  background: #ffa100;
+}
+.C {
+  background: #FFBD33;
+}
+.D {
+  background: #cc3300;
+}
+.F {
+  background: #ef251e;
+}
+
 div.tags .label {
     font-size: 90%;
     display: inline-block;

dojo/templates/403.html

@@ -3,12 +3,6 @@
     <h1>403</h1>
     <hr/>
     <h2>
-        Hey! Listen!
+        You don't have permission to do that. Contact your administrator for additional accesss.
     </h2>
-    <h2>
-        You don't have permission to do that.
-    </h2>
-    <h3>
-        We're Sorry.
-    </h3>
-{% endblock %}
+    {% endblock %}

dojo/templates/404.html

@@ -8,7 +8,4 @@ <h1>
     <h2>
         ...we can't find what you need.
     </h2>
-    <h3>
-        We're Sorry.
-    </h3>
-{% endblock %}
+{% endblock %}