Merge pull request #313 from patriknordlen/master

Migrate application settings to model

Author: devGregA

ansible/dev-install/templates/settings.py.j2

@@ -9,11 +9,6 @@ LOGIN_REDIRECT_URL = '/'
 SESSION_COOKIE_HTTPONLY = True
 CSRF_COOKIE_HTTPONLY = True
 TEST_RUNNER = 'django.test.runner.DiscoverRunner'
-ENABLE_DEDUPLICATION = False
-ENABLE_JIRA = False
-# True will display S0, S1, S2, ect in most places
-# False will display Critical, High, Medium, etc
-S_FINDING_SEVERITY_NAMING = False
 URL_PREFIX = ''
 
 # Uncomment this line if you enable SSL

docs/upgrading.rst

@@ -71,3 +71,27 @@ The following needs to be added to settings.py: ::
     ]
 
 Once all these steps are completed your installation of DefectDojo will be running under Django 1.11
+
+
+July 6th 2017 - New location for system settings
+================================================
+
+Pull request #313 moves a number of system settings previously located in the application's settings.py
+to a model that can be used and changed within the web application under "Configuration -> System Settings". 
+
+If you're using a custom ``URL_PREFIX`` you will need to set this in the model after upgrading by
+editing ``dojo/fixtures/system_settings.json`` and setting your URL prefix in the ``url_prefix`` value there. 
+Then issue the command ``./manage.py loaddata system_settings.json`` to load your settings into the database.
+
+If you're not using a custom ``URL_PREFIX``, after upgrading simply go to the System Settings page and review
+which values you want to set for each setting, as they're not automatically migrated from settings.py. 
+
+If you like you can then remove the following settings from settings.py to avoid confusion:
+
+* ``ENABLE_DEDUPLICATION``
+* ``ENABLE_JIRA``
+* ``S_FINDING_SEVERITY_NAMING``
+* ``URL_PREFIX``
+* ``TIME_ZONE``
+* ``TEAM_NAME``
+

dojo/api.py

@@ -24,10 +24,10 @@
     ScanSettingsForm, FindingForm, StubFindingForm, FindingTemplateForm, \
     ImportScanForm, SEVERITY_CHOICES
 from dojo.tools.factory import import_parser_factory
-
+from dojo.utils import get_system_setting
 from datetime import datetime
 
-localtz = timezone(settings.TIME_ZONE)
+localtz = timezone(get_system_setting('time_zone'))
 
 """
     Setup logging for the api

dojo/cred/views.py

@@ -26,10 +26,10 @@
 from dojo.forms import *
 from dojo.tasks import *
 from dojo.forms import *
-from dojo.utils import dojo_crypto_encrypt, prepare_for_view, FileIterWrapper
+from dojo.utils import dojo_crypto_encrypt, prepare_for_view, FileIterWrapper, get_system_setting
 from dojo.product import views as ds
 
-localtz = timezone(settings.TIME_ZONE)
+localtz = timezone(get_system_setting('time_zone'))
 
 logging.basicConfig(
     level=logging.DEBUG,

dojo/development_environment/views.py

@@ -12,9 +12,9 @@
 from dojo.filters import DevelopmentEnvironmentFilter
 from dojo.forms import Development_EnvironmentForm
 from dojo.models import Development_Environment
-from dojo.utils import get_page_items, add_breadcrumb
+from dojo.utils import get_page_items, add_breadcrumb, get_system_setting
 
-localtz = timezone(settings.TIME_ZONE)
+localtz = timezone(get_system_setting('time_zone'))
 
 logging.basicConfig(
     level=logging.DEBUG,

dojo/endpoint/views.py

@@ -17,11 +17,11 @@
 from dojo.forms import EditEndpointForm, \
     DeleteEndpointForm, AddEndpointForm, EndpointMetaDataForm
 from dojo.models import Product, Endpoint, Finding
-from dojo.utils import get_page_items, add_breadcrumb, get_period_counts
+from dojo.utils import get_page_items, add_breadcrumb, get_period_counts, get_system_setting
 from django.contrib.contenttypes.models import ContentType
 from custom_field.models import CustomFieldValue, CustomField
 
-localtz = timezone(settings.TIME_ZONE)
+localtz = timezone(get_system_setting('time_zone'))
 
 logging.basicConfig(
     level=logging.DEBUG,

dojo/engagement/views.py

@@ -26,10 +26,10 @@
     JIRA_PKey, JIRA_Conf, JIRA_Issue, Cred_User, Cred_Mapping
 from dojo.tools.factory import import_parser_factory
 from dojo.utils import get_page_items, add_breadcrumb, handle_uploaded_threat, \
-    FileIterWrapper, get_cal_event, message
+    FileIterWrapper, get_cal_event, message, get_system_setting
 from dojo.tasks import update_epic_task, add_epic_task, close_epic_task
 
-localtz = timezone(settings.TIME_ZONE)
+localtz = timezone(get_system_setting('time_zone'))
 
 logging.basicConfig(
     level=logging.DEBUG,
@@ -141,12 +141,12 @@ def edit_engagement(request, eid):
         except:
             enabled = False
             pass
-        if hasattr(settings, "ENABLE_JIRA"):
-            if settings.ENABLE_JIRA:
-                if JIRA_PKey.objects.filter(product=eng.product).count() != 0:
-                    jform = JIRAFindingForm(prefix='jiraform', enabled=enabled)
-                else:
-                    jform = None
+
+        if get_system_setting('enable_jira') and JIRA_PKey.objects.filter(product=eng.product).count() != 0:
+            jform = JIRAFindingForm(prefix='jiraform', enabled=enabled)
+        else:
+            jform = None
+
     form.initial['tags'] = [tag.name for tag in eng.tags]
     add_breadcrumb(parent=eng, title="Edit Engagement", top_level=False, request=request)
     return render(request, 'dojo/new_eng.html',

dojo/filters.py

@@ -14,8 +14,10 @@
     MultipleChoiceFilter
 from django_filters.filters import ChoiceFilter, _truncate, DateTimeFilter
 from pytz import timezone
+from dojo.utils import get_system_setting
+
+local_tz = timezone(get_system_setting('time_zone'))
 
-local_tz = timezone(settings.TIME_ZONE)
 SEVERITY_CHOICES = (('Info', 'Info'), ('Low', 'Low'), ('Medium', 'Medium'),
                     ('High', 'High'), ('Critical', 'Critical'))
 BOOLEAN_CHOICES = (('false', 'No'), ('true', 'Yes'),)

dojo/finding/views.py

@@ -33,11 +33,11 @@
     FindingImageAccessToken, JIRA_Issue, JIRA_PKey, JIRA_Conf, Dojo_User, Cred_User, Cred_Mapping, Test
 from dojo.utils import get_page_items, add_breadcrumb, FileIterWrapper, send_review_email, process_notifications, \
     add_comment, add_epic, add_issue, update_epic, update_issue, close_epic, jira_get_resolution_id, \
-    jira_change_resolution_id, get_jira_connection
+    jira_change_resolution_id, get_jira_connection, get_system_setting
 
 from dojo.tasks import add_issue_task, update_issue_task, add_comment_task
 
-localtz = timezone(settings.TIME_ZONE)
+localtz = timezone(get_system_setting('time_zone'))
 
 logging.basicConfig(
     level=logging.DEBUG,
@@ -357,11 +357,11 @@ def edit_finding(request, fid):
         enabled = True
     except:
         enabled = False
-    pass
-    if hasattr(settings, 'ENABLE_JIRA'):
-        if settings.ENABLE_JIRA:
-            if JIRA_PKey.objects.filter(product=finding.test.engagement.product) != 0:
-                jform = JIRAFindingForm(enabled=enabled, prefix='jiraform')
+        pass
+
+    if get_system_setting('enable_jira') and JIRA_PKey.objects.filter(product=finding.test.engagement.product) != 0:
+        jform = JIRAFindingForm(enabled=enabled, prefix='jiraform')
+
     if request.method == 'POST':
         form = FindingForm(request.POST, instance=finding)
         if form.is_valid():
@@ -649,14 +649,14 @@ def promote_to_finding(request, fid):
     test = finding.test
     form_error = False
     jira_available = False
-    if hasattr(settings, 'ENABLE_JIRA'):
-         if settings.ENABLE_JIRA:
-             if JIRA_PKey.objects.filter(product=test.engagement.product) != 0:
-                jform = JIRAFindingForm(request.POST, prefix='jiraform',
-                                         enabled=JIRA_PKey.objects.get(product=test.engagement.product).push_all_issues)
-                jira_available = True
+
+    if get_system_setting('enable_jira') and JIRA_PKey.objects.filter(product=test.engagement.product) != 0:
+        jform = JIRAFindingForm(request.POST, prefix='jiraform',
+                                enabled=JIRA_PKey.objects.get(product=test.engagement.product).push_all_issues)
+        jira_available = True
     else:
-         jform = None
+        jform = None
+        
     form = PromoteFindingForm(initial={'title': finding.title,
                                        'date': finding.date,
                                        'severity': finding.severity,

dojo/fixtures/system_settings.json

@@ -0,0 +1,13 @@
+[
+{
+  "model": "dojo.system_settings",
+  "pk": 1,
+  "fields": {
+    "enable_deduplication": false,
+    "enable_jira": false,
+    "s_finding_severity_naming": false,
+    "url_prefix": "",
+    "time_zone": "UTC"
+  }
+}
+]