def research_metrics(request): now = timezone.now() findings = Finding.objects.filter( test__test_type__name='Security Research') findings = findings.filter(date__year=now.year, date__month=now.month) verified_month = findings.filter(verified=True) month_all_by_product, month_all_aggregate = count_findings(findings) month_verified_by_product, month_verified_aggregate = count_findings( verified_month) remaining_by_product, remaining_aggregate = count_findings( Finding.objects.filter(mitigated__isnull=True, test__test_type__name='Security Research')) closed_findings = Finding.objects.filter( mitigated__isnull=False, test__test_type__name='Security Research') closed_findings_dict = {'S0': closed_findings.filter(severity='Critical'), 'S1': closed_findings.filter(severity='High'), 'S2': closed_findings.filter(severity='Medium'), 'S3': closed_findings.filter(severity='Low')} time_to_close = {} for sev, finds in list(closed_findings_dict.items()): total = 0 for f in finds: total += (datetime.date(f.mitigated) - f.date).days if finds.count() != 0: time_to_close[sev] = total / finds.count() else: time_to_close[sev] = 'N/A' add_breadcrumb(title="Security Research Metrics", top_level=True, request=request) return render(request, 'dojo/research_metrics.html', { 'user': request.user, 'month_all_by_product': month_all_by_product, 'month_verified_by_product': month_verified_by_product, 'remaining_by_product': remaining_by_product, 'remaining_aggregate': remaining_aggregate, 'time_to_close': time_to_close, })
def research_metrics(request): now = timezone.now() findings = Finding.objects.filter( test__test_type__name='Security Research') findings = findings.filter(date__year=now.year, date__month=now.month) verified_month = findings.filter(verified=True) month_all_by_product, month_all_aggregate = count_findings(findings) month_verified_by_product, month_verified_aggregate = count_findings( verified_month) end_of_week = now + relativedelta(weekday=6, hour=23, minute=59, second=59) day_list = [end_of_week - relativedelta(weeks=1, weekday=x, hour=0, minute=0, second=0) for x in range(end_of_week.weekday())] q_objects = (Q(date=d) for d in day_list) week_findings = Finding.objects.filter(reduce(operator.or_, q_objects)) open_week = week_findings.exclude(mitigated__isnull=False) verified_week = week_findings.filter(verified=True) week_all_by_product, week_all_aggregate = count_findings(week_findings) week_verified_by_product, week_verified_aggregate = count_findings( verified_week) week_remaining_by_product, week_remaining_aggregate = count_findings( open_week) remaining_by_product, remaining_aggregate = count_findings( Finding.objects.filter(mitigated__isnull=True, test__test_type__name='Security Research')) closed_findings = Finding.objects.filter( mitigated__isnull=False, test__test_type__name='Security Research') closed_findings_dict = {'S0': closed_findings.filter(severity='Critical'), 'S1': closed_findings.filter(severity='High'), 'S2': closed_findings.filter(severity='Medium'), 'S3': closed_findings.filter(severity='Low')} time_to_close = {} for sev, finds in closed_findings_dict.items(): total = 0 for f in finds: total += (datetime.date(f.mitigated) - f.date).days if finds.count() != 0: time_to_close[sev] = total / finds.count() else: time_to_close[sev] = 'N/A' add_breadcrumb(title="Security Research Metrics", top_level=True, request=request) return render(request, 'dojo/research_metrics.html', { 'user': request.user, 'month_all_by_product': month_all_by_product, 'month_verified_by_product': month_verified_by_product, 'remaining_by_product': remaining_by_product, 'remaining_aggregate': remaining_aggregate, 'time_to_close': time_to_close, })
def view_engineer(request, eid): user = get_object_or_404(Dojo_User, pk=eid) if not (request.user.is_superuser or request.user.username == 'root' or request.user.username == user.username): return HttpResponseRedirect(reverse('engineer_metrics')) now = timezone.now() findings = Finding.objects.filter(reporter=user, verified=True) closed_findings = Finding.objects.filter(mitigated_by=user) open_findings = findings.exclude(mitigated__isnull=False) open_month = findings.filter(date__year=now.year, date__month=now.month) accepted_month = [finding for ra in Risk_Acceptance.objects.filter( created__range=[datetime(now.year, now.month, 1, tzinfo=timezone.get_current_timezone()), datetime(now.year, now.month, monthrange(now.year, now.month)[1], tzinfo=timezone.get_current_timezone())], reporter=user) for finding in ra.accepted_findings.all()] closed_month = [] for f in closed_findings: if f.mitigated and f.mitigated.year == now.year and f.mitigated.month == now.month: closed_month.append(f) o_dict, open_count = count_findings(open_month) c_dict, closed_count = count_findings(closed_month) a_dict, accepted_count = count_findings(accepted_month) day_list = [now - relativedelta(weeks=1, weekday=x, hour=0, minute=0, second=0) for x in range(now.weekday())] day_list.append(now) q_objects = (Q(date=d) for d in day_list) closed_week = [] open_week = findings.filter(reduce(operator.or_, q_objects)) accepted_week = [finding for ra in Risk_Acceptance.objects.filter( reporter=user, created__range=[day_list[0], day_list[-1]]) for finding in ra.accepted_findings.all()] q_objects = (Q(mitigated=d) for d in day_list) # closed_week= findings.filter(reduce(operator.or_, q_objects)) for f in closed_findings: if f.mitigated and f.mitigated >= day_list[0]: closed_week.append(f) o_week_dict, open_week_count = count_findings(open_week) c_week_dict, closed_week_count = count_findings(closed_week) a_week_dict, accepted_week_count = count_findings(accepted_week) stuff = [] o_stuff = [] a_stuff = [] findings_this_period(findings, 1, stuff, o_stuff, a_stuff) # findings_this_period no longer fits the need for accepted findings # however will use its week finding output to use here for month in a_stuff: month_start = datetime.strptime( month[0].strip(), "%b %Y") month_end = datetime(month_start.year, month_start.month, monthrange( month_start.year, month_start.month)[1], tzinfo=timezone.get_current_timezone()) for finding in [finding for ra in Risk_Acceptance.objects.filter( created__range=[month_start, month_end], reporter=user) for finding in ra.accepted_findings.all()]: if finding.severity == 'Critical': month[1] += 1 if finding.severity == 'High': month[2] += 1 if finding.severity == 'Medium': month[3] += 1 if finding.severity == 'Low': month[4] += 1 month[5] = sum(month[1:]) week_stuff = [] week_o_stuff = [] week_a_stuff = [] findings_this_period(findings, 0, week_stuff, week_o_stuff, week_a_stuff) # findings_this_period no longer fits the need for accepted findings # however will use its week finding output to use here for week in week_a_stuff: wk_range = week[0].split('-') week_start = datetime.strptime( wk_range[0].strip() + " " + str(now.year), "%b %d %Y") week_end = datetime.strptime( wk_range[1].strip() + " " + str(now.year), "%b %d %Y") for finding in [finding for ra in Risk_Acceptance.objects.filter( created__range=[week_start, week_end], reporter=user) for finding in ra.accepted_findings.all()]: if finding.severity == 'Critical': week[1] += 1 if finding.severity == 'High': week[2] += 1 if finding.severity == 'Medium': week[3] += 1 if finding.severity == 'Low': week[4] += 1 week[5] = sum(week[1:]) products = Product.objects.all() vulns = {} for product in products: f_count = 0 engs = Engagement.objects.filter(product=product) for eng in engs: tests = Test.objects.filter(engagement=eng) for test in tests: f_count += findings.filter(test=test, mitigated__isnull=True, active=True).count() vulns[product.id] = f_count od = OrderedDict(sorted(vulns.items(), key=itemgetter(1))) items = od.items() items.reverse() top = items[: 10] update = [] for t in top: product = t[0] z_count = 0 o_count = 0 t_count = 0 h_count = 0 engs = Engagement.objects.filter( product=Product.objects.get(id=product)) for eng in engs: tests = Test.objects.filter(engagement=eng) for test in tests: z_count += findings.filter( test=test, mitigated__isnull=True, severity='Critical' ).count() o_count += findings.filter( test=test, mitigated__isnull=True, severity='High' ).count() t_count += findings.filter( test=test, mitigated__isnull=True, severity='Medium' ).count() h_count += findings.filter( test=test, mitigated__isnull=True, severity='Low' ).count() prod = Product.objects.get(id=product) all_findings_link = "<a href='%s'>%s</a>" % ( reverse('view_product_findings', args=(prod.id,)), escape(prod.name)) update.append([all_findings_link, z_count, o_count, t_count, h_count, z_count + o_count + t_count + h_count]) total_update = [] for i in items: product = i[0] z_count = 0 o_count = 0 t_count = 0 h_count = 0 engs = Engagement.objects.filter( product=Product.objects.get(id=product)) for eng in engs: tests = Test.objects.filter(engagement=eng) for test in tests: z_count += findings.filter( test=test, mitigated__isnull=True, severity='Critical').count() o_count += findings.filter( test=test, mitigated__isnull=True, severity='High').count() t_count += findings.filter( test=test, mitigated__isnull=True, severity='Medium').count() h_count += findings.filter( test=test, mitigated__isnull=True, severity='Low').count() prod = Product.objects.get(id=product) all_findings_link = "<a href='%s'>%s</a>" % ( reverse('view_product_findings', args=(prod.id,)), escape(prod.name)) total_update.append([all_findings_link, z_count, o_count, t_count, h_count, z_count + o_count + t_count + h_count]) neg_length = len(stuff) findz = findings.filter(mitigated__isnull=True, active=True, test__engagement__risk_acceptance=None) findz = findz.filter(Q(severity="Critical") | Q(severity="High")) less_thirty = 0 less_sixty = 0 less_nine = 0 more_nine = 0 for finding in findz: elapsed = date.today() - finding.date if elapsed <= timedelta(days=30): less_thirty += 1 elif elapsed <= timedelta(days=60): less_sixty += 1 elif elapsed <= timedelta(days=90): less_nine += 1 else: more_nine += 1 # Data for the monthly charts chart_data = [['Date', 'S0', 'S1', 'S2', 'S3', 'Total']] for thing in o_stuff: chart_data.insert(1, thing) a_chart_data = [['Date', 'S0', 'S1', 'S2', 'S3', 'Total']] for thing in a_stuff: a_chart_data.insert(1, thing) # Data for the weekly charts week_chart_data = [['Date', 'S0', 'S1', 'S2', 'S3', 'Total']] for thing in week_o_stuff: week_chart_data.insert(1, thing) week_a_chart_data = [['Date', 'S0', 'S1', 'S2', 'S3', 'Total']] for thing in week_a_stuff: week_a_chart_data.insert(1, thing) details = [] for find in open_findings: team = find.test.engagement.product.prod_type.name name = find.test.engagement.product.name severity = find.severity description = find.title life = date.today() - find.date life = life.days status = 'Active' if len(find.risk_acceptance_set.all()) > 0: status = 'Accepted' detail = [team, name, severity, description, life, status, find.reporter] details.append(detail) details = sorted(details, key=lambda x: x[2]) add_breadcrumb(title="%s Metrics" % user.get_full_name(), top_level=False, request=request) return render(request, 'dojo/view_engineer.html', { 'open_month': open_month, 'a_month': accepted_month, 'low_a_month': accepted_count["low"], 'medium_a_month': accepted_count["med"], 'high_a_month': accepted_count["high"], 'critical_a_month': accepted_count["crit"], 'closed_month': closed_month, 'low_open_month': open_count["low"], 'medium_open_month': open_count["med"], 'high_open_month': open_count["high"], 'critical_open_month': open_count["crit"], 'low_c_month': closed_count["low"], 'medium_c_month': closed_count["med"], 'high_c_month': closed_count["high"], 'critical_c_month': closed_count["crit"], 'week_stuff': week_stuff, 'week_a_stuff': week_a_stuff, 'a_total': a_stuff, 'total': stuff, 'sub': neg_length, 'update': update, 'lt': less_thirty, 'ls': less_sixty, 'ln': less_nine, 'mn': more_nine, 'chart_data': chart_data, 'a_chart_data': a_chart_data, 'week_chart_data': week_chart_data, 'week_a_chart_data': week_a_chart_data, 'name': '%s Metrics' % user.get_full_name(), 'metric': True, 'total_update': total_update, 'details': details, 'open_week': open_week, 'closed_week': closed_week, 'accepted_week': accepted_week, 'a_dict': a_dict, 'o_dict': o_dict, 'c_dict': c_dict, 'o_week_dict': o_week_dict, 'a_week_dict': a_week_dict, 'c_week_dict': c_week_dict, 'open_week_count': open_week_count, 'accepted_week_count': accepted_week_count, 'closed_week_count': closed_week_count, 'user': request.user, })
def view_engineer(request, eid): user = get_object_or_404(Dojo_User, pk=eid) if not (request.user.is_superuser or request.user.username == 'root' or request.user.username == user.username): return HttpResponseRedirect(reverse('engineer_metrics')) now = timezone.now() findings = Finding.objects.filter(reporter=user, verified=True) closed_findings = Finding.objects.filter(mitigated_by=user) open_findings = findings.exclude(mitigated__isnull=False) open_month = findings.filter(date__year=now.year, date__month=now.month) accepted_month = [ finding for ra in Risk_Acceptance.objects.filter(created__range=[ datetime( now.year, now.month, 1, tzinfo=timezone.get_current_timezone()), datetime(now.year, now.month, monthrange(now.year, now.month)[1], tzinfo=timezone.get_current_timezone()) ], reporter=user) for finding in ra.accepted_findings.all() ] closed_month = [] for f in closed_findings: if f.mitigated and f.mitigated.year == now.year and f.mitigated.month == now.month: closed_month.append(f) o_dict, open_count = count_findings(open_month) c_dict, closed_count = count_findings(closed_month) a_dict, accepted_count = count_findings(accepted_month) day_list = [ now - relativedelta(weeks=1, weekday=x, hour=0, minute=0, second=0) for x in range(now.weekday()) ] day_list.append(now) q_objects = (Q(date=d) for d in day_list) closed_week = [] open_week = findings.filter(reduce(operator.or_, q_objects)) accepted_week = [ finding for ra in Risk_Acceptance.objects.filter( reporter=user, created__range=[day_list[0], day_list[-1]]) for finding in ra.accepted_findings.all() ] q_objects = (Q(mitigated=d) for d in day_list) # closed_week= findings.filter(reduce(operator.or_, q_objects)) for f in closed_findings: if f.mitigated and f.mitigated >= day_list[0]: closed_week.append(f) o_week_dict, open_week_count = count_findings(open_week) c_week_dict, closed_week_count = count_findings(closed_week) a_week_dict, accepted_week_count = count_findings(accepted_week) stuff = [] o_stuff = [] a_stuff = [] findings_this_period(findings, 1, stuff, o_stuff, a_stuff) # findings_this_period no longer fits the need for accepted findings # however will use its week finding output to use here for month in a_stuff: month_start = datetime.strptime(month[0].strip(), "%b %Y") month_end = datetime(month_start.year, month_start.month, monthrange(month_start.year, month_start.month)[1], tzinfo=timezone.get_current_timezone()) for finding in [ finding for ra in Risk_Acceptance.objects.filter( created__range=[month_start, month_end], reporter=user) for finding in ra.accepted_findings.all() ]: if finding.severity == 'Critical': month[1] += 1 if finding.severity == 'High': month[2] += 1 if finding.severity == 'Medium': month[3] += 1 if finding.severity == 'Low': month[4] += 1 month[5] = sum(month[1:]) week_stuff = [] week_o_stuff = [] week_a_stuff = [] findings_this_period(findings, 0, week_stuff, week_o_stuff, week_a_stuff) # findings_this_period no longer fits the need for accepted findings # however will use its week finding output to use here for week in week_a_stuff: wk_range = week[0].split('-') week_start = datetime.strptime( wk_range[0].strip() + " " + str(now.year), "%b %d %Y") week_end = datetime.strptime(wk_range[1].strip() + " " + str(now.year), "%b %d %Y") for finding in [ finding for ra in Risk_Acceptance.objects.filter( created__range=[week_start, week_end], reporter=user) for finding in ra.accepted_findings.all() ]: if finding.severity == 'Critical': week[1] += 1 if finding.severity == 'High': week[2] += 1 if finding.severity == 'Medium': week[3] += 1 if finding.severity == 'Low': week[4] += 1 week[5] = sum(week[1:]) products = Product.objects.all() vulns = {} for product in products: f_count = 0 engs = Engagement.objects.filter(product=product) for eng in engs: tests = Test.objects.filter(engagement=eng) for test in tests: f_count += findings.filter(test=test, mitigated__isnull=True, active=True).count() vulns[product.id] = f_count od = OrderedDict(sorted(vulns.items(), key=itemgetter(1))) items = od.items() items.reverse() top = items[:10] update = [] for t in top: product = t[0] z_count = 0 o_count = 0 t_count = 0 h_count = 0 engs = Engagement.objects.filter(product=Product.objects.get( id=product)) for eng in engs: tests = Test.objects.filter(engagement=eng) for test in tests: z_count += findings.filter(test=test, mitigated__isnull=True, severity='Critical').count() o_count += findings.filter(test=test, mitigated__isnull=True, severity='High').count() t_count += findings.filter(test=test, mitigated__isnull=True, severity='Medium').count() h_count += findings.filter(test=test, mitigated__isnull=True, severity='Low').count() prod = Product.objects.get(id=product) all_findings_link = "<a href='%s'>%s</a>" % (reverse( 'view_product_findings', args=(prod.id, )), escape(prod.name)) update.append([ all_findings_link, z_count, o_count, t_count, h_count, z_count + o_count + t_count + h_count ]) total_update = [] for i in items: product = i[0] z_count = 0 o_count = 0 t_count = 0 h_count = 0 engs = Engagement.objects.filter(product=Product.objects.get( id=product)) for eng in engs: tests = Test.objects.filter(engagement=eng) for test in tests: z_count += findings.filter(test=test, mitigated__isnull=True, severity='Critical').count() o_count += findings.filter(test=test, mitigated__isnull=True, severity='High').count() t_count += findings.filter(test=test, mitigated__isnull=True, severity='Medium').count() h_count += findings.filter(test=test, mitigated__isnull=True, severity='Low').count() prod = Product.objects.get(id=product) all_findings_link = "<a href='%s'>%s</a>" % (reverse( 'view_product_findings', args=(prod.id, )), escape(prod.name)) total_update.append([ all_findings_link, z_count, o_count, t_count, h_count, z_count + o_count + t_count + h_count ]) neg_length = len(stuff) findz = findings.filter(mitigated__isnull=True, active=True, test__engagement__risk_acceptance=None) findz = findz.filter(Q(severity="Critical") | Q(severity="High")) less_thirty = 0 less_sixty = 0 less_nine = 0 more_nine = 0 for finding in findz: elapsed = date.today() - finding.date if elapsed <= timedelta(days=30): less_thirty += 1 elif elapsed <= timedelta(days=60): less_sixty += 1 elif elapsed <= timedelta(days=90): less_nine += 1 else: more_nine += 1 # Data for the monthly charts chart_data = [['Date', 'S0', 'S1', 'S2', 'S3', 'Total']] for thing in o_stuff: chart_data.insert(1, thing) a_chart_data = [['Date', 'S0', 'S1', 'S2', 'S3', 'Total']] for thing in a_stuff: a_chart_data.insert(1, thing) # Data for the weekly charts week_chart_data = [['Date', 'S0', 'S1', 'S2', 'S3', 'Total']] for thing in week_o_stuff: week_chart_data.insert(1, thing) week_a_chart_data = [['Date', 'S0', 'S1', 'S2', 'S3', 'Total']] for thing in week_a_stuff: week_a_chart_data.insert(1, thing) details = [] for find in open_findings: team = find.test.engagement.product.prod_type.name name = find.test.engagement.product.name severity = find.severity description = find.title life = date.today() - find.date life = life.days status = 'Active' if len(find.risk_acceptance_set.all()) > 0: status = 'Accepted' detail = [ team, name, severity, description, life, status, find.reporter ] details.append(detail) details = sorted(details, key=lambda x: x[2]) add_breadcrumb(title="%s Metrics" % user.get_full_name(), top_level=False, request=request) return render( request, 'dojo/view_engineer.html', { 'open_month': open_month, 'a_month': accepted_month, 'low_a_month': accepted_count["low"], 'medium_a_month': accepted_count["med"], 'high_a_month': accepted_count["high"], 'critical_a_month': accepted_count["crit"], 'closed_month': closed_month, 'low_open_month': open_count["low"], 'medium_open_month': open_count["med"], 'high_open_month': open_count["high"], 'critical_open_month': open_count["crit"], 'low_c_month': closed_count["low"], 'medium_c_month': closed_count["med"], 'high_c_month': closed_count["high"], 'critical_c_month': closed_count["crit"], 'week_stuff': week_stuff, 'week_a_stuff': week_a_stuff, 'a_total': a_stuff, 'total': stuff, 'sub': neg_length, 'update': update, 'lt': less_thirty, 'ls': less_sixty, 'ln': less_nine, 'mn': more_nine, 'chart_data': chart_data, 'a_chart_data': a_chart_data, 'week_chart_data': week_chart_data, 'week_a_chart_data': week_a_chart_data, 'name': '%s Metrics' % user.get_full_name(), 'metric': True, 'total_update': total_update, 'details': details, 'open_week': open_week, 'closed_week': closed_week, 'accepted_week': accepted_week, 'a_dict': a_dict, 'o_dict': o_dict, 'c_dict': c_dict, 'o_week_dict': o_week_dict, 'a_week_dict': a_week_dict, 'c_week_dict': c_week_dict, 'open_week_count': open_week_count, 'accepted_week_count': accepted_week_count, 'closed_week_count': closed_week_count, 'user': request.user, })