Merge pull request #315 from devGregA/master

devGregA · web-flow · commit bc19dd3b2811 · 2017-07-11T17:39:06.000-05:00
Adds leads to tests
diff --git a/docs/dojo-production.rst b/docs/dojo-production.rst
@@ -0,0 +1,108 @@
+Running in Production
+=====================
+
+This guide will walk you through how to setup DefectDojo for running in production using Ubuntu 16.04, nginx, and uwsgi.
+
+*Install, Setup, and Activate Virtualenv*
+
+.. code-block:: console
+
+  pip install virtualenv
+
+  virtualenv dojo
+
+  source my_project/bin/activate
+
+**Install Dojo**
+
+.. code-block:: console
+
+  cd django-DefectDojo
+
+  ./install.bash
+
+**Install Uwsgi**
+
+.. code-block:: console
+
+  pip install uwsgi
+
+**Install WKHTML**
+
+from inside the django-DefectDojo/ directory execute:
+
+.. code-block:: console
+
+  ./reports.sh
+
+**Disable Debugging**
+
+Using the text-editor of your choice, change ``DEBUG`` in django-DefectDojo/dojo/settings.py to:
+
+.. code-block:: console
+
+  `DEBUG = False` 
+
+**Start Celery and Beats**
+
+From inside the django-DefectDojo/ directory execute:
+
+.. code-block:: console
+
+  celery -A dojo worker -l info --concurrency 3
+
+  celery beat -A dojo -l info
+
+It is recommended that you daemonized both these processes with the sample configurations found `here`_ and `here.`_
+
+.. _here: https://github.com/celery/celery/blob/3.1/extra/supervisord/celeryd.conf
+.. _here.: https://github.com/celery/celery/blob/3.1/extra/supervisord/celerybeat.conf
+
+However, for a quick setup you can use the following to run both in the background
+
+.. code-block:: console
+
+  celery -A dojo worker -l info --concurrency 3 &
+
+  celery beat -A dojo -l info &
+
+*Start Uwsgi*
+
+From inside the django-DefectDojo/ directory execute:
+
+.. code-block:: console
+
+  uwsgi --socket :8001 --wsgi-file wsgi.py --workers 7
+
+It is recommended that you use an Upstart job or a @restart cron job to launch uwsgi on reboot. However, if you’re in a hurry you can use the following to run it in the background:
+
+.. code-block:: console
+
+  uwsgi --socket :8001 --wsgi-file wsgi.py --workers 7 &
+
+*NGINX Configuration*
+
+Everyone feels a little differently about nginx settings, so here are the barebones to add your to your nginx configuration to proxy uwsgi:
+
+.. code-block:: json
+
+  upstream django {
+   
+    server 127.0.0.1:8001; 
+  }
+
+  location /dojo/static/ {
+      alias   /data/prod_dojo/django-DefectDojo/static/;
+  }
+
+  location /dojo/media/ {
+      alias   /data/prod_dojo/django-DefectDojo/media/;
+  }
+
+
+  location /dojo {
+      uwsgi_pass django;
+      include     /data/prod_dojo/django-DefectDojo/wsgi_params;
+  }
+
+*That's it!*
diff --git a/docs/labels.rst b/docs/labels.rst
@@ -0,0 +1,40 @@
+Issue Labels
+============================
+
+This section covers our issue labels and what they mean.
+
+'1.2 release' - These issues are targeted for the 1.2 release of DefectDojo which is scheduled for AppSec USA on September 19th
+
+'believe to be fixed' - Issues that have been investigated / verified where code has been merged to resolve the issue. We do not close verified issues until the person who submitted the issue confirm the fix is working. If the submitter is unresponsive we will go ahead and close a 'believe to be fixed' issue, provided that the author of the code has tested the resolution.
+
+'bug' - Issues that have been investigated and are confirmed.
+
+'code sprint' - DefectDojo is participating in the OWASP 2017 Code Sprint where students assist with OWASP projects. Although this issues are earmarked for the Code Sprint, anyone is welcome to work on a Code Sprint issue, provided that is hasn't been assigned. These are great introductory issues for first time contributors.
+
+'docker' - Issues that are specific to the Docker deployment that are not present in the regular install.
+
+'documentation' - Issues that are related to documentation and do not have any impact related to code or application performance.
+
+'enhancement' - Ideas that are not bugs that may or may not be implemented in the future.
+
+‘high priority’ - Issues that the maintainers consider to be highly impacting and will receive priority.
+
+‘in progress’ - Issues that code is actively being developed for.
+
+‘invalid’ - Issues that invalid possibly from using an old code base or outdated library.
+
+‘investigating’ - Issues that are actively being investigated but haven’t been confirmed as a bug.
+
+‘out of scope’ - Issues that related to third party libraries or code we don’t have control over.
+
+‘question’ - These are questions from the community on, docs, deployment, code, or contributing.
+
+‘swag reward’ - when a ‘swag reward’ issue is fixed, the contributor receives swag (such as shirt, stickers, etc).
+
+‘top priority’ - Issues with this label out-rank ‘high priority’ and receive priority on completion from a maintainer.
+
+‘unable to reproduce’ - The issues has been investigated and the maintainer is not able to reproduce the issue.
+
+‘$100 reward’ - The contributor will receive $100 USD for successfully fixing the issue.
+
+
diff --git a/dojo/engagement/views.py b/dojo/engagement/views.py
@@ -309,7 +309,11 @@ def add_tests(request, eid):
         if form.is_valid():
             new_test = form.save(commit=False)
             new_test.engagement = eng
-            # new_test.lead = User.objects.get(id=form['lead'].value())
+	    try:
+            	new_test.lead = User.objects.get(id=form['lead'].value())
+	    except:
+		new_test.lead = None
+		pass
             new_test.save()
             tags = request.POST.getlist('tags')
             t = ", ".join(tags)
@@ -338,6 +342,8 @@ def add_tests(request, eid):
                 return HttpResponseRedirect(reverse('view_engagement', args=(eng.id,)))
     else:
         form = TestForm()
+	form.initial['target_start'] = eng.target_start
+	form.initial['target_end'] = eng.target_end
     add_breadcrumb(parent=eng, title="Add Tests", top_level=False, request=request)
     return render(request, 'dojo/add_tests.html',
                   {'form': form,
diff --git a/dojo/forms.py b/dojo/forms.py
@@ -183,7 +183,7 @@ def __init__(self, *args, **kwargs):
 
     class Meta:
         model = Product
-        fields = ['name', 'description', 'tags', 'product_manager', 'technical_contact', 'team_manager', 'prod_type',
+        fields = ['name', 'description', 'tags', 'prod_manager', 'tech_contact', 'manager', 'prod_type',
                   'authorized_users']
 
 
@@ -555,6 +555,9 @@ class TestForm(forms.ModelForm):
                            required=False,
                            help_text="Add tags that help describe this test.  "
                                      "Choose from the list or add new tags.  Press TAB key to add.")
+    lead = forms.ModelChoiceField(
+	queryset=User.objects.exclude(is_staff=False),
+	required=False, label="Testing Lead")
 
 
     def __init__(self, *args, **kwargs):
diff --git a/dojo/models.py b/dojo/models.py
@@ -531,6 +531,7 @@ def get_breadcrumbs(self):
 
 class Test(models.Model):
     engagement = models.ForeignKey(Engagement, editable=False)
+    lead = models.ForeignKey(User, editable=True, null=True)
     test_type = models.ForeignKey(Test_Type)
     target_start = models.DateTimeField()
     target_end = models.DateTimeField()
diff --git a/dojo/templates/dojo/engagement.html b/dojo/templates/dojo/engagement.html
@@ -60,8 +60,19 @@ <h3 class="has-filters">
                                 <td>
                                     {% for e in p.engagement_set.all %}
                                         {% if e.active %}
-                                            <a class="eng_link" href="{% url 'view_engagement' e.id %}">
+						<div class="lineContainer">
+							<a  style="display: inline" class="eng_link" href="{% url 'view_engagement' e.id %}">
                                                 {% if e.name %}{{ e.name }} {% endif %}{{ e.target_start }}</a>
+							| Lead: {{ e.lead.first_name }}
+                                                        |
+                                                        {%  for test in e.test_set.all %}
+								{% if test.lead %}
+                                                                <a href="{% url 'view_test' test.id %}"> {{ test.test_type }}: {{ test.lead.first_name }} </a> |
+								{% else %}
+                                                                <a href="{% url 'view_test' test.id %}"> {{ test.test_type }} </a> |
+								{% endif %}
+                                                        {% endfor %}
+						</div>
                                                 <sup>
                                                  {% for tag in e.tags %}
                                                       <a title="Search {{ tag }}" class="btn btn-tag btn-primary" href="{% url 'simple_search' %}?query={{ tag }}">{{ tag }}</a>
diff --git a/dojo/templates/dojo/view_eng.html b/dojo/templates/dojo/view_eng.html
@@ -337,6 +337,7 @@ <h4 class="pull-left">
                                 <th>Type</th>
                                 <th>Start Date</th>
                                 <th>End Date</th>
+				<th>Lead</th>
                                 <th>Findings</th>
                                 <th>Notes</th>
                                 <th>Actions</th>
@@ -356,6 +357,7 @@ <h4 class="pull-left">
                                     </td>
                                     <td>{{ test.target_start.date }}</td>
                                     <td>{{ test.target_end.date }}</td>
+				    <td>{{ test.lead }}</td>
                                     <td>{{ test.finding_set.all|length }}</td>
                                     <td>{{ test.notes.all|length }}</td>
                                     <td>
diff --git a/dojo/templates/dojo/view_product.html b/dojo/templates/dojo/view_product.html
@@ -354,9 +354,9 @@ <h4>Details</h4>
                     </tr>
                     <tr>
                         <td>{{ prod.prod_type }}</td>
-                        <td>{{ prod.team_manager | default:"Unknown" }}</td>
-                        <td>{{ prod.product_manager | default:"Unknown" }}</td>
-                        <td>{{ prod.technical_contact | default:"Unknown" }}</td>
+                        <td>{{ prod.manager | default:"Unknown" }}</td>
+                        <td>{{ prod.prod_manager | default:"Unknown" }}</td>
+                        <td>{{ prod.tech_contact | default:"Unknown" }}</td>
                         <td>
                             {% if prod.authorized_users.all %}
                                 <ul class="no-bullets">
diff --git a/wsgi.py b/wsgi.py
@@ -0,0 +1,33 @@
+"""
+WSGI config for dojo project.
+
+This module contains the WSGI application used by Django's development server
+and any production WSGI deployments. It should expose a module-level variable
+named ``application``. Django's ``runserver`` and ``runfcgi`` commands discover
+this application via the ``WSGI_APPLICATION`` setting.
+
+Usually you will have the standard Django WSGI application here, but it also
+might make sense to replace the whole Django WSGI application with a custom one
+that later delegates to the Django one. For example, you could introduce WSGI
+middleware here, or combine a Django application with an application of another
+framework.
+
+"""
+import os
+
+# We defer to a DJANGO_SETTINGS_MODULE already in the environment. This breaks
+# if running multiple sites in the same mod_wsgi process. To fix this, use
+# mod_wsgi daemon mode with each site in its own daemon process, or use
+# os.environ["DJANGO_SETTINGS_MODULE"] = "dojo.settings"
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "dojo.settings")
+
+# This application object is used by any WSGI server configured to use this
+# file. This includes Django's development server, if the WSGI_APPLICATION
+# setting points here.
+from django.core.wsgi import get_wsgi_application
+
+application = get_wsgi_application()
+
+# Apply WSGI middleware here.
+# from helloworld.wsgi import HelloWorldApplication
+# application = HelloWorldApplication(application)
diff --git a/wsgi_params b/wsgi_params
@@ -0,0 +1,16 @@
+uwsgi_param  QUERY_STRING       $query_string;
+uwsgi_param  REQUEST_METHOD     $request_method;
+uwsgi_param  CONTENT_TYPE       $content_type;
+uwsgi_param  CONTENT_LENGTH     $content_length;
+
+uwsgi_param  REQUEST_URI        $request_uri;
+uwsgi_param  PATH_INFO          $document_uri;
+uwsgi_param  DOCUMENT_ROOT      $document_root;
+uwsgi_param  SERVER_PROTOCOL    $server_protocol;
+uwsgi_param  REQUEST_SCHEME     $scheme;
+uwsgi_param  HTTPS              $https if_not_empty;
+
+uwsgi_param  REMOTE_ADDR        $remote_addr;
+uwsgi_param  REMOTE_PORT        $remote_port;
+uwsgi_param  SERVER_PORT        $server_port;
+uwsgi_param  SERVER_NAME        $server_name;
