Fixing Merge Conflicts

Author: devEricA

.travis.yml

@@ -56,8 +56,8 @@ notifications:
   slack:
     rooms:
       secure: nPXwHnPcf37yGkCkLimx5UmY9LTtOHL0lw88cAQeXCNNjeZuhS2jS5xGUOwwp3SrsYE4tZhD0WuVEHGDcyIhmBZh9Qqk3NHKz+tQDD/e0GE/8uTTfR1Eh+pq1YOIcLYzzKA2khmJSeHqqDriVZZoWpn67oHtrui9FYesapZ8AX0=
-    on_success: change
-    on_failure: always
+    on_success: never
+    on_failure: never
     on_start: never
 addons:
   firefox: "45.0"

ansible/dev-install/templates/settings.py.j2

@@ -9,11 +9,6 @@ LOGIN_REDIRECT_URL = '/'
 SESSION_COOKIE_HTTPONLY = True
 CSRF_COOKIE_HTTPONLY = True
 TEST_RUNNER = 'django.test.runner.DiscoverRunner'
-ENABLE_DEDUPLICATION = False
-ENABLE_JIRA = False
-# True will display S0, S1, S2, ect in most places
-# False will display Critical, High, Medium, etc
-S_FINDING_SEVERITY_NAMING = False
 URL_PREFIX = ''
 
 # Uncomment this line if you enable SSL

docs/dojo-production.rst

@@ -0,0 +1,108 @@
+Running in Production
+=====================
+
+This guide will walk you through how to setup DefectDojo for running in production using Ubuntu 16.04, nginx, and uwsgi.
+
+*Install, Setup, and Activate Virtualenv*
+
+.. code-block:: console
+
+  pip install virtualenv
+
+  virtualenv dojo
+
+  source my_project/bin/activate
+
+**Install Dojo**
+
+.. code-block:: console
+
+  cd django-DefectDojo
+
+  ./install.bash
+
+**Install Uwsgi**
+
+.. code-block:: console
+
+  pip install uwsgi
+
+**Install WKHTML**
+
+from inside the django-DefectDojo/ directory execute:
+
+.. code-block:: console
+
+  ./reports.sh
+
+**Disable Debugging**
+
+Using the text-editor of your choice, change ``DEBUG`` in django-DefectDojo/dojo/settings.py to:
+
+.. code-block:: console
+
+  `DEBUG = False` 
+
+**Start Celery and Beats**
+
+From inside the django-DefectDojo/ directory execute:
+
+.. code-block:: console
+
+  celery -A dojo worker -l info --concurrency 3
+
+  celery beat -A dojo -l info
+
+It is recommended that you daemonized both these processes with the sample configurations found `here`_ and `here.`_
+
+.. _here: https://github.com/celery/celery/blob/3.1/extra/supervisord/celeryd.conf
+.. _here.: https://github.com/celery/celery/blob/3.1/extra/supervisord/celerybeat.conf
+
+However, for a quick setup you can use the following to run both in the background
+
+.. code-block:: console
+
+  celery -A dojo worker -l info --concurrency 3 &
+
+  celery beat -A dojo -l info &
+
+*Start Uwsgi*
+
+From inside the django-DefectDojo/ directory execute:
+
+.. code-block:: console
+
+  uwsgi --socket :8001 --wsgi-file wsgi.py --workers 7
+
+It is recommended that you use an Upstart job or a @restart cron job to launch uwsgi on reboot. However, if you’re in a hurry you can use the following to run it in the background:
+
+.. code-block:: console
+
+  uwsgi --socket :8001 --wsgi-file wsgi.py --workers 7 &
+
+*NGINX Configuration*
+
+Everyone feels a little differently about nginx settings, so here are the barebones to add your to your nginx configuration to proxy uwsgi:
+
+.. code-block:: json
+
+  upstream django {
+   
+    server 127.0.0.1:8001; 
+  }
+
+  location /dojo/static/ {
+      alias   /data/prod_dojo/django-DefectDojo/static/;
+  }
+
+  location /dojo/media/ {
+      alias   /data/prod_dojo/django-DefectDojo/media/;
+  }
+
+
+  location /dojo {
+      uwsgi_pass django;
+      include     /data/prod_dojo/django-DefectDojo/wsgi_params;
+  }
+
+*That's it!*

docs/labels.rst

@@ -0,0 +1,40 @@
+Issue Labels
+============================
+
+This section covers our issue labels and what they mean.
+
+'1.2 release' - These issues are targeted for the 1.2 release of DefectDojo which is scheduled for AppSec USA on September 19th
+
+'believe to be fixed' - Issues that have been investigated / verified where code has been merged to resolve the issue. We do not close verified issues until the person who submitted the issue confirm the fix is working. If the submitter is unresponsive we will go ahead and close a 'believe to be fixed' issue, provided that the author of the code has tested the resolution.
+
+'bug' - Issues that have been investigated and are confirmed.
+
+'code sprint' - DefectDojo is participating in the OWASP 2017 Code Sprint where students assist with OWASP projects. Although this issues are earmarked for the Code Sprint, anyone is welcome to work on a Code Sprint issue, provided that is hasn't been assigned. These are great introductory issues for first time contributors.
+
+'docker' - Issues that are specific to the Docker deployment that are not present in the regular install.
+
+'documentation' - Issues that are related to documentation and do not have any impact related to code or application performance.
+
+'enhancement' - Ideas that are not bugs that may or may not be implemented in the future.
+
+‘high priority’ - Issues that the maintainers consider to be highly impacting and will receive priority.
+
+‘in progress’ - Issues that code is actively being developed for.
+
+‘invalid’ - Issues that invalid possibly from using an old code base or outdated library.
+
+‘investigating’ - Issues that are actively being investigated but haven’t been confirmed as a bug.
+
+‘out of scope’ - Issues that related to third party libraries or code we don’t have control over.
+
+‘question’ - These are questions from the community on, docs, deployment, code, or contributing.
+
+‘swag reward’ - when a ‘swag reward’ issue is fixed, the contributor receives swag (such as shirt, stickers, etc).
+
+‘top priority’ - Issues with this label out-rank ‘high priority’ and receive priority on completion from a maintainer.
+
+‘unable to reproduce’ - The issues has been investigated and the maintainer is not able to reproduce the issue.
+
+‘$100 reward’ - The contributor will receive $100 USD for successfully fixing the issue.
+
+

docs/upgrading.rst

@@ -71,3 +71,27 @@ The following needs to be added to settings.py: ::
     ]
 
 Once all these steps are completed your installation of DefectDojo will be running under Django 1.11
+
+
+July 6th 2017 - New location for system settings
+================================================
+
+Pull request #313 moves a number of system settings previously located in the application's settings.py
+to a model that can be used and changed within the web application under "Configuration -> System Settings". 
+
+If you're using a custom ``URL_PREFIX`` you will need to set this in the model after upgrading by
+editing ``dojo/fixtures/system_settings.json`` and setting your URL prefix in the ``url_prefix`` value there. 
+Then issue the command ``./manage.py loaddata system_settings.json`` to load your settings into the database.
+
+If you're not using a custom ``URL_PREFIX``, after upgrading simply go to the System Settings page and review
+which values you want to set for each setting, as they're not automatically migrated from settings.py. 
+
+If you like you can then remove the following settings from settings.py to avoid confusion:
+
+* ``ENABLE_DEDUPLICATION``
+* ``ENABLE_JIRA``
+* ``S_FINDING_SEVERITY_NAMING``
+* ``URL_PREFIX``
+* ``TIME_ZONE``
+* ``TEAM_NAME``
+

dojo/api.py

@@ -24,10 +24,10 @@
     ScanSettingsForm, FindingForm, StubFindingForm, FindingTemplateForm, \
     ImportScanForm, SEVERITY_CHOICES
 from dojo.tools.factory import import_parser_factory
-
+from dojo.utils import get_system_setting
 from datetime import datetime
 
-localtz = timezone(settings.TIME_ZONE)
+localtz = timezone(get_system_setting('time_zone'))
 
 """
     Setup logging for the api

dojo/cred/views.py

@@ -26,10 +26,10 @@
 from dojo.forms import *
 from dojo.tasks import *
 from dojo.forms import *
-from dojo.utils import dojo_crypto_encrypt, prepare_for_view, FileIterWrapper
+from dojo.utils import dojo_crypto_encrypt, prepare_for_view, FileIterWrapper, get_system_setting
 from dojo.product import views as ds
 
-localtz = timezone(settings.TIME_ZONE)
+localtz = timezone(get_system_setting('time_zone'))
 
 logging.basicConfig(
     level=logging.DEBUG,

dojo/development_environment/views.py

@@ -12,9 +12,9 @@
 from dojo.filters import DevelopmentEnvironmentFilter
 from dojo.forms import Development_EnvironmentForm
 from dojo.models import Development_Environment
-from dojo.utils import get_page_items, add_breadcrumb
+from dojo.utils import get_page_items, add_breadcrumb, get_system_setting
 
-localtz = timezone(settings.TIME_ZONE)
+localtz = timezone(get_system_setting('time_zone'))
 
 logging.basicConfig(
     level=logging.DEBUG,

dojo/endpoint/views.py

@@ -17,11 +17,11 @@
 from dojo.forms import EditEndpointForm, \
     DeleteEndpointForm, AddEndpointForm, EndpointMetaDataForm
 from dojo.models import Product, Endpoint, Finding
-from dojo.utils import get_page_items, add_breadcrumb, get_period_counts
+from dojo.utils import get_page_items, add_breadcrumb, get_period_counts, get_system_setting
 from django.contrib.contenttypes.models import ContentType
 from custom_field.models import CustomFieldValue, CustomField
 
-localtz = timezone(settings.TIME_ZONE)
+localtz = timezone(get_system_setting('time_zone'))
 
 logging.basicConfig(
     level=logging.DEBUG,

dojo/engagement/views.py

@@ -26,10 +26,10 @@
     JIRA_PKey, JIRA_Conf, JIRA_Issue, Cred_User, Cred_Mapping
 from dojo.tools.factory import import_parser_factory
 from dojo.utils import get_page_items, add_breadcrumb, handle_uploaded_threat, \
-    FileIterWrapper, get_cal_event, message
+    FileIterWrapper, get_cal_event, message, get_system_setting
 from dojo.tasks import update_epic_task, add_epic_task, close_epic_task
 
-localtz = timezone(settings.TIME_ZONE)
+localtz = timezone(get_system_setting('time_zone'))
 
 logging.basicConfig(
     level=logging.DEBUG,
@@ -141,12 +141,12 @@ def edit_engagement(request, eid):
         except:
             enabled = False
             pass
-        if hasattr(settings, "ENABLE_JIRA"):
-            if settings.ENABLE_JIRA:
-                if JIRA_PKey.objects.filter(product=eng.product).count() != 0:
-                    jform = JIRAFindingForm(prefix='jiraform', enabled=enabled)
-                else:
-                    jform = None
+
+        if get_system_setting('enable_jira') and JIRA_PKey.objects.filter(product=eng.product).count() != 0:
+            jform = JIRAFindingForm(prefix='jiraform', enabled=enabled)
+        else:
+            jform = None
+
     form.initial['tags'] = [tag.name for tag in eng.tags]
     add_breadcrumb(parent=eng, title="Edit Engagement", top_level=False, request=request)
     return render(request, 'dojo/new_eng.html',
@@ -309,7 +309,11 @@ def add_tests(request, eid):
         if form.is_valid():
             new_test = form.save(commit=False)
             new_test.engagement = eng
-            # new_test.lead = User.objects.get(id=form['lead'].value())
+	    try:
+            	new_test.lead = User.objects.get(id=form['lead'].value())
+	    except:
+		new_test.lead = None
+		pass
             new_test.save()
             tags = request.POST.getlist('tags')
             t = ", ".join(tags)
@@ -338,6 +342,8 @@ def add_tests(request, eid):
                 return HttpResponseRedirect(reverse('view_engagement', args=(eng.id,)))
     else:
         form = TestForm()
+	form.initial['target_start'] = eng.target_start
+	form.initial['target_end'] = eng.target_end
     add_breadcrumb(parent=eng, title="Add Tests", top_level=False, request=request)
     return render(request, 'dojo/add_tests.html',
                   {'form': form,