def dashboard(request: HttpRequest) -> HttpResponse: if request.user.is_staff: engagements = Engagement.objects.all() findings = Finding.objects.all() else: engagements = Engagement.objects.filter( Q(product__authorized_users=request.user) | Q(product__prod_type__authorized_users=request.user)).distinct() findings = Finding.objects.filter( Q(test__engagement__product__authorized_users=request.user) | Q(test__engagement__product__prod_type__authorized_users=request. user)).distinct() findings = findings.filter(duplicate=False) engagement_count = engagements.filter(active=True).count() today = timezone.now().date() date_range = [today - timedelta(days=6), today] # 7 days (6 days plus today) finding_count = findings\ .filter(created__date__range=date_range)\ .count() mitigated_count = findings\ .filter(mitigated__date__range=date_range)\ .count() accepted_count = findings\ .filter(risk_acceptance__created__date__range=date_range)\ .count() severity_count_all = get_severities_all(findings) severity_count_by_month = get_severities_by_month(findings, today) punchcard, ticks = get_punchcard_data(findings, today - relativedelta(weeks=26), 26) unassigned_surveys = Answered_Survey.objects.filter( assignee_id__isnull=True, completed__gt=0) add_breadcrumb(request=request, clear=True) return render( request, 'dojo/dashboard.html', { 'engagement_count': engagement_count, 'finding_count': finding_count, 'mitigated_count': mitigated_count, 'accepted_count': accepted_count, 'critical': severity_count_all['Critical'], 'high': severity_count_all['High'], 'medium': severity_count_all['Medium'], 'low': severity_count_all['Low'], 'info': severity_count_all['Info'], 'by_month': severity_count_by_month, 'punchcard': punchcard, 'ticks': ticks, 'surveys': unassigned_surveys, })
def dashboard(request: HttpRequest) -> HttpResponse: engagements = get_authorized_engagements(Permissions.Engagement_View).distinct() findings = get_authorized_findings(Permissions.Finding_View).distinct() findings = findings.filter(duplicate=False) engagement_count = engagements.filter(active=True).count() today = timezone.now().date() date_range = [today - timedelta(days=6), today] # 7 days (6 days plus today) finding_count = findings\ .filter(created__date__range=date_range)\ .count() mitigated_count = findings\ .filter(mitigated__date__range=date_range)\ .count() accepted_count = findings\ .filter(risk_acceptance__created__date__range=date_range)\ .count() severity_count_all = get_severities_all(findings) severity_count_by_month = get_severities_by_month(findings, today) punchcard, ticks = get_punchcard_data(findings, today - relativedelta(weeks=26), 26) if user_has_configuration_permission(request.user, 'dojo.view_engagement_survey', 'staff'): unassigned_surveys = Answered_Survey.objects.filter(assignee_id__isnull=True, completed__gt=0, ) \ .filter(Q(engagement__isnull=True) | Q(engagement__in=engagements)) else: unassigned_surveys = None if request.user.is_superuser and not settings.FEATURE_CONFIGURATION_AUTHORIZATION: message = '''Legacy authorization for changing configurations based on staff users will be removed with version 2.12.0 / 5. July 2022. If you have set `FEATURE_CONFIGURATION_AUTHORIZATION` to `False` in your local configuration, remove this local setting and start using the new authorization.''' messages.add_message(request, messages.WARNING, message, extra_tags='alert-warning') add_breadcrumb(request=request, clear=True) return render(request, 'dojo/dashboard.html', { 'engagement_count': engagement_count, 'finding_count': finding_count, 'mitigated_count': mitigated_count, 'accepted_count': accepted_count, 'critical': severity_count_all['Critical'], 'high': severity_count_all['High'], 'medium': severity_count_all['Medium'], 'low': severity_count_all['Low'], 'info': severity_count_all['Info'], 'by_month': severity_count_by_month, 'punchcard': punchcard, 'ticks': ticks, 'surveys': unassigned_surveys, })
def dashboard(request: HttpRequest) -> HttpResponse: engagements = get_authorized_engagements(Permissions.Engagement_View).distinct() findings = get_authorized_findings(Permissions.Finding_View).distinct() findings = findings.filter(duplicate=False) engagement_count = engagements.filter(active=True).count() today = timezone.now().date() date_range = [today - timedelta(days=6), today] # 7 days (6 days plus today) finding_count = findings\ .filter(created__date__range=date_range)\ .count() mitigated_count = findings\ .filter(mitigated__date__range=date_range)\ .count() accepted_count = findings\ .filter(risk_acceptance__created__date__range=date_range)\ .count() severity_count_all = get_severities_all(findings) severity_count_by_month = get_severities_by_month(findings, today) punchcard, ticks = get_punchcard_data(findings, today - relativedelta(weeks=26), 26) if user_has_configuration_permission(request.user, 'dojo.view_engagement_survey', 'staff'): unassigned_surveys = Answered_Survey.objects.filter(assignee_id__isnull=True, completed__gt=0, ) \ .filter(Q(engagement__isnull=True) | Q(engagement__in=engagements)) else: unassigned_surveys = None add_breadcrumb(request=request, clear=True) return render(request, 'dojo/dashboard.html', { 'engagement_count': engagement_count, 'finding_count': finding_count, 'mitigated_count': mitigated_count, 'accepted_count': accepted_count, 'critical': severity_count_all['Critical'], 'high': severity_count_all['High'], 'medium': severity_count_all['Medium'], 'low': severity_count_all['Low'], 'info': severity_count_all['Info'], 'by_month': severity_count_by_month, 'punchcard': punchcard, 'ticks': ticks, 'surveys': unassigned_surveys, })
def dashboard(request): now = timezone.now() seven_days_ago = now - timedelta(days=7) if request.user.is_superuser: engagement_count = Engagement.objects.filter(active=True).count() finding_count = Finding.objects.filter( verified=True, mitigated=None, date__range=[seven_days_ago, now]).count() mitigated_count = Finding.objects.filter( mitigated__range=[seven_days_ago, now]).count() accepted_count = len([ finding for ra in Risk_Acceptance.objects.filter( reporter=request.user, created__range=[seven_days_ago, now]) for finding in ra.accepted_findings.all() ]) # forever counts findings = Finding.objects.filter(verified=True) else: engagement_count = Engagement.objects.filter(lead=request.user, active=True).count() finding_count = Finding.objects.filter( reporter=request.user, verified=True, mitigated=None, date__range=[seven_days_ago, now]).count() mitigated_count = Finding.objects.filter( mitigated_by=request.user, mitigated__range=[seven_days_ago, now]).count() accepted_count = len([ finding for ra in Risk_Acceptance.objects.filter( reporter=request.user, created__range=[seven_days_ago, now]) for finding in ra.accepted_findings.all() ]) # forever counts findings = Finding.objects.filter(reporter=request.user, verified=True) sev_counts = {'Critical': 0, 'High': 0, 'Medium': 0, 'Low': 0, 'Info': 0} for finding in findings: if finding.severity: sev_counts[finding.severity] += 1 by_month = list() dates_to_use = [ now, now - relativedelta(months=1), now - relativedelta(months=2), now - relativedelta(months=3), now - relativedelta(months=4), now - relativedelta(months=5), now - relativedelta(months=6) ] for date_to_use in dates_to_use: sourcedata = { 'y': date_to_use.strftime("%Y-%m"), 'a': 0, 'b': 0, 'c': 0, 'd': 0, 'e': 0 } for finding in Finding.objects.filter( reporter=request.user, verified=True, date__range=[ datetime(date_to_use.year, date_to_use.month, 1, tzinfo=timezone.get_current_timezone()), datetime(date_to_use.year, date_to_use.month, monthrange(date_to_use.year, date_to_use.month)[1], tzinfo=timezone.get_current_timezone()) ]): if finding.severity == 'Critical': sourcedata['a'] += 1 elif finding.severity == 'High': sourcedata['b'] += 1 elif finding.severity == 'Medium': sourcedata['c'] += 1 elif finding.severity == 'Low': sourcedata['d'] += 1 elif finding.severity == 'Info': sourcedata['e'] += 1 by_month.append(sourcedata) start_date = now - timedelta(days=180) r = relativedelta(now, start_date) weeks_between = int( ceil((((r.years * 12) + r.months) * 4.33) + (r.days / 7))) if weeks_between <= 0: weeks_between += 2 punchcard, ticks, highest_count = get_punchcard_data( findings, weeks_between, start_date) add_breadcrumb(request=request, clear=True) return render( request, 'dojo/dashboard.html', { 'engagement_count': engagement_count, 'finding_count': finding_count, 'mitigated_count': mitigated_count, 'accepted_count': accepted_count, 'critical': sev_counts['Critical'], 'high': sev_counts['High'], 'medium': sev_counts['Medium'], 'low': sev_counts['Low'], 'info': sev_counts['Info'], 'by_month': by_month, 'punchcard': punchcard, 'ticks': ticks, 'highest_count': highest_count })
def metrics(request, mtype): template = 'dojo/metrics.html' page_name = 'Product Type Metrics' show_pt_filter = True findings = Finding.objects.filter(verified=True, severity__in=('Critical', 'High', 'Medium', 'Low', 'Info')).prefetch_related( 'test__engagement__product', 'test__engagement__product__prod_type', 'test__engagement__risk_acceptance', 'risk_acceptance_set', 'reporter').extra( select={ 'ra_count': 'SELECT COUNT(*) FROM dojo_risk_acceptance INNER JOIN ' 'dojo_risk_acceptance_accepted_findings ON ' '( dojo_risk_acceptance.id = dojo_risk_acceptance_accepted_findings.risk_acceptance_id ) ' 'WHERE dojo_risk_acceptance_accepted_findings.finding_id = dojo_finding.id', }, ) active_findings = Finding.objects.filter(verified=True, active=True, severity__in=('Critical', 'High', 'Medium', 'Low', 'Info')).prefetch_related( 'test__engagement__product', 'test__engagement__product__prod_type', 'test__engagement__risk_acceptance', 'risk_acceptance_set', 'reporter').extra( select={ 'ra_count': 'SELECT COUNT(*) FROM dojo_risk_acceptance INNER JOIN ' 'dojo_risk_acceptance_accepted_findings ON ' '( dojo_risk_acceptance.id = dojo_risk_acceptance_accepted_findings.risk_acceptance_id ) ' 'WHERE dojo_risk_acceptance_accepted_findings.finding_id = dojo_finding.id', }, ) if mtype != 'All': pt = Product_Type.objects.filter(id=mtype) request.GET._mutable = True request.GET.appendlist('test__engagement__product__prod_type', mtype) request.GET._mutable = False mtype = pt[0].name show_pt_filter = False page_name = '%s Metrics' % mtype prod_type = pt elif 'test__engagement__product__prod_type' in request.GET: prod_type = Product_Type.objects.filter(id__in=request.GET.getlist('test__engagement__product__prod_type', [])) else: prod_type = Product_Type.objects.all() findings = MetricsFindingFilter(request.GET, queryset=findings) active_findings = MetricsFindingFilter(request.GET, queryset=active_findings) findings.qs # this is needed to load details from filter since it is lazy active_findings.qs # this is needed to load details from filter since it is lazy start_date = findings.filters['date'].start_date start_date = datetime(start_date.year, start_date.month, start_date.day, tzinfo=timezone.get_current_timezone()) end_date = findings.filters['date'].end_date end_date = datetime(end_date.year, end_date.month, end_date.day, tzinfo=timezone.get_current_timezone()) if len(prod_type) > 0: findings_closed = Finding.objects.filter(mitigated__range=[start_date, end_date], test__engagement__product__prod_type__in=prod_type).prefetch_related( 'test__engagement__product') # capture the accepted findings in period accepted_findings = Finding.objects.filter(risk_acceptance__created__range=[start_date, end_date], test__engagement__product__prod_type__in=prod_type). \ prefetch_related('test__engagement__product') accepted_findings_counts = Finding.objects.filter(risk_acceptance__created__range=[start_date, end_date], test__engagement__product__prod_type__in=prod_type). \ prefetch_related('test__engagement__product').aggregate( total=Sum( Case(When(severity__in=('Critical', 'High', 'Medium', 'Low'), then=Value(1)), output_field=IntegerField())), critical=Sum( Case(When(severity='Critical', then=Value(1)), output_field=IntegerField())), high=Sum( Case(When(severity='High', then=Value(1)), output_field=IntegerField())), medium=Sum( Case(When(severity='Medium', then=Value(1)), output_field=IntegerField())), low=Sum( Case(When(severity='Low', then=Value(1)), output_field=IntegerField())), info=Sum( Case(When(severity='Info', then=Value(1)), output_field=IntegerField())), ) else: findings_closed = Finding.objects.filter(mitigated__range=[start_date, end_date]).prefetch_related( 'test__engagement__product') accepted_findings = Finding.objects.filter(risk_acceptance__created__range=[start_date, end_date]). \ prefetch_related('test__engagement__product') accepted_findings_counts = Finding.objects.filter(risk_acceptance__created__range=[start_date, end_date]). \ prefetch_related('test__engagement__product').aggregate( total=Sum( Case(When(severity__in=('Critical', 'High', 'Medium', 'Low'), then=Value(1)), output_field=IntegerField())), critical=Sum( Case(When(severity='Critical', then=Value(1)), output_field=IntegerField())), high=Sum( Case(When(severity='High', then=Value(1)), output_field=IntegerField())), medium=Sum( Case(When(severity='Medium', then=Value(1)), output_field=IntegerField())), low=Sum( Case(When(severity='Low', then=Value(1)), output_field=IntegerField())), info=Sum( Case(When(severity='Info', then=Value(1)), output_field=IntegerField())), ) r = relativedelta(end_date, start_date) months_between = (r.years * 12) + r.months # include current month months_between += 1 weeks_between = int(ceil((((r.years * 12) + r.months) * 4.33) + (r.days / 7))) if weeks_between <= 0: weeks_between += 2 monthly_counts = get_period_counts(active_findings.qs, findings.qs, findings_closed, accepted_findings, months_between, start_date, relative_delta='months') weekly_counts = get_period_counts(active_findings.qs, findings.qs, findings_closed, accepted_findings, weeks_between, start_date, relative_delta='weeks') top_ten = Product.objects.filter(engagement__test__finding__verified=True, engagement__test__finding__false_p=False, engagement__test__finding__duplicate=False, engagement__test__finding__out_of_scope=False, engagement__test__finding__mitigated__isnull=True, engagement__test__finding__severity__in=( 'Critical', 'High', 'Medium', 'Low'), prod_type__in=prod_type).annotate( critical=Sum( Case(When(engagement__test__finding__severity='Critical', then=Value(1)), output_field=IntegerField()) ), high=Sum( Case(When(engagement__test__finding__severity='High', then=Value(1)), output_field=IntegerField()) ), medium=Sum( Case(When(engagement__test__finding__severity='Medium', then=Value(1)), output_field=IntegerField()) ), low=Sum( Case(When(engagement__test__finding__severity='Low', then=Value(1)), output_field=IntegerField()) ), total=Sum( Case(When(engagement__test__finding__severity__in=( 'Critical', 'High', 'Medium', 'Low'), then=Value(1)), output_field=IntegerField())) ).order_by('-critical', '-high', '-medium', '-low')[:10] age_detail = [0, 0, 0, 0] in_period_counts = {"Critical": 0, "High": 0, "Medium": 0, "Low": 0, "Info": 0, "Total": 0} in_period_details = {} closed_in_period_counts = {"Critical": 0, "High": 0, "Medium": 0, "Low": 0, "Info": 0, "Total": 0} closed_in_period_details = {} accepted_in_period_details = {} for finding in findings.qs: if 0 <= finding.age <= 30: age_detail[0] += 1 elif 30 < finding.age <= 60: age_detail[1] += 1 elif 60 < finding.age <= 90: age_detail[2] += 1 elif finding.age > 90: age_detail[3] += 1 in_period_counts[finding.severity] += 1 in_period_counts['Total'] += 1 if finding.test.engagement.product.name not in in_period_details: in_period_details[finding.test.engagement.product.name] = { 'path': reverse('view_product_findings', args=(finding.test.engagement.product.id,)), 'Critical': 0, 'High': 0, 'Medium': 0, 'Low': 0, 'Info': 0, 'Total': 0} in_period_details[ finding.test.engagement.product.name ][finding.severity] += 1 in_period_details[finding.test.engagement.product.name]['Total'] += 1 for finding in accepted_findings: if finding.test.engagement.product.name not in accepted_in_period_details: accepted_in_period_details[finding.test.engagement.product.name] = { 'path': reverse('accepted_findings') + '?test__engagement__product=' + str( finding.test.engagement.product.id), 'Critical': 0, 'High': 0, 'Medium': 0, 'Low': 0, 'Info': 0, 'Total': 0} accepted_in_period_details[ finding.test.engagement.product.name ][finding.severity] += 1 accepted_in_period_details[finding.test.engagement.product.name]['Total'] += 1 for f in findings_closed: closed_in_period_counts[f.severity] += 1 closed_in_period_counts['Total'] += 1 if f.test.engagement.product.name not in closed_in_period_details: closed_in_period_details[f.test.engagement.product.name] = { 'path': reverse('closed_findings') + '?test__engagement__product=' + str( f.test.engagement.product.id), 'Critical': 0, 'High': 0, 'Medium': 0, 'Low': 0, 'Info': 0, 'Total': 0} closed_in_period_details[ f.test.engagement.product.name ][f.severity] += 1 closed_in_period_details[f.test.engagement.product.name]['Total'] += 1 punchcard = list() ticks = list() highest_count = 0 if 'view' in request.GET and 'dashboard' == request.GET['view']: punchcard, ticks, highest_count = get_punchcard_data(findings.qs, weeks_between, start_date) page_name = (get_system_setting('team_name')) + " Metrics" template = 'dojo/dashboard-metrics.html' add_breadcrumb(title=page_name, top_level=not len(request.GET), request=request) return render(request, template, { 'name': page_name, 'start_date': start_date, 'end_date': end_date, 'findings': findings, 'opened_per_month': monthly_counts['opened_per_period'], 'active_per_month': monthly_counts['active_per_period'], 'opened_per_week': weekly_counts['opened_per_period'], 'accepted_per_month': monthly_counts['accepted_per_period'], 'accepted_per_week': weekly_counts['accepted_per_period'], 'top_ten_products': top_ten, 'age_detail': age_detail, 'in_period_counts': in_period_counts, 'in_period_details': in_period_details, 'accepted_in_period_counts': accepted_findings_counts, 'accepted_in_period_details': accepted_in_period_details, 'closed_in_period_counts': closed_in_period_counts, 'closed_in_period_details': closed_in_period_details, 'punchcard': punchcard, 'ticks': ticks, 'highest_count': highest_count, 'show_pt_filter': show_pt_filter, })
def view_product_metrics(request, pid): prod = get_object_or_404(Product, id=pid) engs = Engagement.objects.filter(product=prod, active=True) result = EngagementFilter(request.GET, queryset=Engagement.objects.filter( product=prod, active=False).order_by('-target_end')) i_engs_page = get_page_items(request, result.qs, 10) scan_sets = ScanSettings.objects.filter(product=prod) auth = request.user.is_staff or request.user in prod.authorized_users.all() if not auth: # will render 403 raise PermissionDenied ct = ContentType.objects.get_for_model(prod) product_cf = CustomField.objects.filter(content_type=ct) product_metadata = {} for cf in product_cf: cfv = CustomFieldValue.objects.filter(field=cf, object_id=prod.id) if len(cfv): product_metadata[cf.name] = cfv[0].value try: start_date = Finding.objects.filter( test__engagement__product=prod).order_by('date')[:1][0].date except: start_date = timezone.now() end_date = timezone.now() tests = Test.objects.filter(engagement__product=prod) risk_acceptances = Risk_Acceptance.objects.filter( engagement__in=Engagement.objects.filter(product=prod)) accepted_findings = [ finding for ra in risk_acceptances for finding in ra.accepted_findings.all() ] verified_findings = Finding.objects.filter( test__engagement__product=prod, date__range=[start_date, end_date], false_p=False, verified=True, duplicate=False, out_of_scope=False).order_by("date") week_date = end_date - timedelta( days=7) # seven days and /newnewer are considered "new" new_verified_findings = Finding.objects.filter( test__engagement__product=prod, date__range=[week_date, end_date], false_p=False, verified=True, duplicate=False, out_of_scope=False).order_by("date") open_findings = Finding.objects.filter(test__engagement__product=prod, date__range=[start_date, end_date], false_p=False, verified=True, duplicate=False, out_of_scope=False, active=True, mitigated__isnull=True) closed_findings = Finding.objects.filter( test__engagement__product=prod, date__range=[start_date, end_date], false_p=False, verified=True, duplicate=False, out_of_scope=False, mitigated__isnull=False) start_date = timezone.make_aware( datetime.combine(start_date, datetime.min.time())) r = relativedelta(end_date, start_date) weeks_between = int( ceil((((r.years * 12) + r.months) * 4.33) + (r.days / 7))) if weeks_between <= 0: weeks_between += 2 punchcard, ticks, highest_count = get_punchcard_data( verified_findings, weeks_between, start_date) add_breadcrumb(parent=prod, top_level=False, request=request) open_close_weekly = OrderedDict() new_weekly = OrderedDict() severity_weekly = OrderedDict() critical_weekly = OrderedDict() high_weekly = OrderedDict() medium_weekly = OrderedDict() for v in verified_findings: iso_cal = v.date.isocalendar() x = iso_to_gregorian(iso_cal[0], iso_cal[1], 1) y = x.strftime("<span class='small'>%m/%d<br/>%Y</span>") x = (tcalendar.timegm(x.timetuple()) * 1000) if x not in critical_weekly: critical_weekly[x] = {'count': 0, 'week': y} if x not in high_weekly: high_weekly[x] = {'count': 0, 'week': y} if x not in medium_weekly: medium_weekly[x] = {'count': 0, 'week': y} if x in open_close_weekly: if v.mitigated: open_close_weekly[x]['closed'] += 1 else: open_close_weekly[x]['open'] += 1 else: if v.mitigated: open_close_weekly[x] = {'closed': 1, 'open': 0, 'accepted': 0} else: open_close_weekly[x] = {'closed': 0, 'open': 1, 'accepted': 0} open_close_weekly[x]['week'] = y if x in severity_weekly: if v.severity in severity_weekly[x]: severity_weekly[x][v.severity] += 1 else: severity_weekly[x][v.severity] = 1 else: severity_weekly[x] = { 'Critical': 0, 'High': 0, 'Medium': 0, 'Low': 0, 'Info': 0 } severity_weekly[x][v.severity] = 1 severity_weekly[x]['week'] = y if v.severity == 'Critical': if x in critical_weekly: critical_weekly[x]['count'] += 1 else: critical_weekly[x] = {'count': 1, 'week': y} elif v.severity == 'High': if x in high_weekly: high_weekly[x]['count'] += 1 else: high_weekly[x] = {'count': 1, 'week': y} elif v.severity == 'Medium': if x in medium_weekly: medium_weekly[x]['count'] += 1 else: medium_weekly[x] = {'count': 1, 'week': y} for a in accepted_findings: iso_cal = a.date.isocalendar() x = iso_to_gregorian(iso_cal[0], iso_cal[1], 1) y = x.strftime("<span class='small'>%m/%d<br/>%Y</span>") x = (tcalendar.timegm(x.timetuple()) * 1000) if x in open_close_weekly: open_close_weekly[x]['accepted'] += 1 else: open_close_weekly[x] = {'closed': 0, 'open': 0, 'accepted': 1} open_close_weekly[x]['week'] = y test_data = {} for t in tests: if t.test_type.name in test_data: test_data[t.test_type.name] += t.verified_finding_count() else: test_data[t.test_type.name] = t.verified_finding_count() product_tab = Product_Tab(pid, title="Product", tab="metrics") return render( request, 'dojo/product_metrics.html', { 'prod': prod, 'product_tab': product_tab, 'product_metadata': product_metadata, 'engs': engs, 'i_engs': i_engs_page, 'scan_sets': scan_sets, 'verified_findings': verified_findings, 'open_findings': open_findings, 'closed_findings': closed_findings, 'accepted_findings': accepted_findings, 'new_findings': new_verified_findings, 'start_date': start_date, 'punchcard': punchcard, 'ticks': ticks, 'highest_count': highest_count, 'open_close_weekly': open_close_weekly, 'severity_weekly': severity_weekly, 'critical_weekly': critical_weekly, 'high_weekly': high_weekly, 'medium_weekly': medium_weekly, 'test_data': test_data, 'user': request.user, 'authorized': auth })
def dashboard(request): now = timezone.now() seven_days_ago = now - timedelta(days=6) # 6 days plus today if request.user.is_superuser: engagement_count = Engagement.objects.filter(active=True).count() finding_count = Finding.objects.filter( verified=True, mitigated=None, duplicate=False, date__range=[seven_days_ago, now]).count() mitigated_count = Finding.objects.filter( mitigated__date__range=[seven_days_ago, now]).count() accepted_count = len([ finding for ra in Risk_Acceptance.objects.filter( created__date__range=[seven_days_ago, now]) for finding in ra.accepted_findings.all() ]) findings = Finding.objects.filter(verified=True, duplicate=False) # forever counts else: engagement_count = Engagement.objects.filter(lead=request.user, active=True).count() finding_count = Finding.objects.filter( reporter=request.user, verified=True, duplicate=False, mitigated=None, date__range=[seven_days_ago, now]).count() mitigated_count = Finding.objects.filter( mitigated_by=request.user, mitigated__date__range=[seven_days_ago, now]).count() accepted_count = len([ finding for ra in Risk_Acceptance.objects.filter( owner=request.user, created__date__range=[seven_days_ago, now]) for finding in ra.accepted_findings.all() ]) # forever counts findings = Finding.objects.filter(reporter=request.user, verified=True, duplicate=False) severity_count_all = get_severities_all(findings) severity_count_by_month = get_severities_by_month(findings) start_date = timezone.now() - relativedelta(weeks=26) punchcard, ticks = get_punchcard_data(findings, start_date, 26) unassigned_surveys = Answered_Survey.objects.all().filter( assignee_id__isnull=True, completed__gt=0) top_five = get_top5_products(request) cve = get_cve(request) add_breadcrumb(request=request, clear=True) return render( request, 'dojo/dashboard.html', { 'engagement_count': engagement_count, 'finding_count': finding_count, 'mitigated_count': mitigated_count, 'accepted_count': accepted_count, 'critical': severity_count_all['Critical'], 'high': severity_count_all['High'], 'medium': severity_count_all['Medium'], 'low': severity_count_all['Low'], 'info': severity_count_all['Info'], 'critical_cve': cve['Critical'], 'high_cve': cve['High'], 'medium_cve': cve['Medium'], 'low_cve': cve['Low'], 'info_cve': cve['Info'], 'by_month': severity_count_by_month, 'punchcard': punchcard, 'ticks': ticks, 'top_five_products': top_five, 'surveys': unassigned_surveys })
def metrics(request, mtype): template = 'dojo/metrics.html' page_name = 'Product Type Metrics' show_pt_filter = True sql_age_query = "" if "postgresql" in settings.DATABASES["default"]["ENGINE"]: sql_age_query = """SELECT (CASE WHEN (dojo_finding.mitigated IS NULL) THEN DATE_PART(\'day\', date::timestamp - dojo_finding.date::timestamp) ELSE DATE_PART(\'day\', dojo_finding.mitigated::timestamp - dojo_finding.date::timestamp) END)""" else: sql_age_query = """SELECT IF(dojo_finding.mitigated IS NULL, DATEDIFF(CURDATE(), dojo_finding.date), DATEDIFF(dojo_finding.mitigated, dojo_finding.date))""" findings = Finding.objects.filter( verified=True, severity__in=('Critical', 'High', 'Medium', 'Low', 'Info') ).prefetch_related( 'test__engagement__product', 'test__engagement__product__prod_type', 'test__engagement__risk_acceptance', 'risk_acceptance_set', 'reporter' ).extra(select={ 'ra_count': 'SELECT COUNT(*) FROM dojo_risk_acceptance INNER JOIN ' 'dojo_risk_acceptance_accepted_findings ON ' '( dojo_risk_acceptance.id = dojo_risk_acceptance_accepted_findings.risk_acceptance_id ) ' 'WHERE dojo_risk_acceptance_accepted_findings.finding_id = dojo_finding.id', "sql_age": sql_age_query }, ) active_findings = Finding.objects.filter( verified=True, active=True, severity__in=('Critical', 'High', 'Medium', 'Low', 'Info') ).prefetch_related( 'test__engagement__product', 'test__engagement__product__prod_type', 'test__engagement__risk_acceptance', 'risk_acceptance_set', 'reporter' ).extra(select={ 'ra_count': 'SELECT COUNT(*) FROM dojo_risk_acceptance INNER JOIN ' 'dojo_risk_acceptance_accepted_findings ON ' '( dojo_risk_acceptance.id = dojo_risk_acceptance_accepted_findings.risk_acceptance_id ) ' 'WHERE dojo_risk_acceptance_accepted_findings.finding_id = dojo_finding.id', "sql_age": sql_age_query }, ) if mtype != 'All': pt = Product_Type.objects.filter(id=mtype) request.GET._mutable = True request.GET.appendlist('test__engagement__product__prod_type', mtype) request.GET._mutable = False mtype = pt[0].name show_pt_filter = False page_name = '%s Metrics' % mtype prod_type = pt elif 'test__engagement__product__prod_type' in request.GET: prod_type = Product_Type.objects.filter(id__in=request.GET.getlist( 'test__engagement__product__prod_type', [])) else: prod_type = Product_Type.objects.all() findings = MetricsFindingFilter(request.GET, queryset=findings) active_findings = MetricsFindingFilter(request.GET, queryset=active_findings) findings.qs # this is needed to load details from filter since it is lazy active_findings.qs # this is needed to load details from filter since it is lazy start_date = findings.filters['date'].start_date start_date = datetime(start_date.year, start_date.month, start_date.day, tzinfo=timezone.get_current_timezone()) end_date = findings.filters['date'].end_date end_date = datetime(end_date.year, end_date.month, end_date.day, tzinfo=timezone.get_current_timezone()) if len(prod_type) > 0: findings_closed = Finding.objects.filter( mitigated__range=[start_date, end_date], test__engagement__product__prod_type__in=prod_type ).prefetch_related('test__engagement__product') # capture the accepted findings in period accepted_findings = Finding.objects.filter(risk_acceptance__created__range=[start_date, end_date], test__engagement__product__prod_type__in=prod_type). \ prefetch_related('test__engagement__product') accepted_findings_counts = Finding.objects.filter(risk_acceptance__created__range=[start_date, end_date], test__engagement__product__prod_type__in=prod_type). \ prefetch_related('test__engagement__product').aggregate( total=Sum( Case(When(severity__in=('Critical', 'High', 'Medium', 'Low'), then=Value(1)), output_field=IntegerField())), critical=Sum( Case(When(severity='Critical', then=Value(1)), output_field=IntegerField())), high=Sum( Case(When(severity='High', then=Value(1)), output_field=IntegerField())), medium=Sum( Case(When(severity='Medium', then=Value(1)), output_field=IntegerField())), low=Sum( Case(When(severity='Low', then=Value(1)), output_field=IntegerField())), info=Sum( Case(When(severity='Info', then=Value(1)), output_field=IntegerField())), ) else: findings_closed = Finding.objects.filter( mitigated__range=[start_date, end_date]).prefetch_related( 'test__engagement__product') accepted_findings = Finding.objects.filter(risk_acceptance__created__range=[start_date, end_date]). \ prefetch_related('test__engagement__product') accepted_findings_counts = Finding.objects.filter(risk_acceptance__created__range=[start_date, end_date]). \ prefetch_related('test__engagement__product').aggregate( total=Sum( Case(When(severity__in=('Critical', 'High', 'Medium', 'Low'), then=Value(1)), output_field=IntegerField())), critical=Sum( Case(When(severity='Critical', then=Value(1)), output_field=IntegerField())), high=Sum( Case(When(severity='High', then=Value(1)), output_field=IntegerField())), medium=Sum( Case(When(severity='Medium', then=Value(1)), output_field=IntegerField())), low=Sum( Case(When(severity='Low', then=Value(1)), output_field=IntegerField())), info=Sum( Case(When(severity='Info', then=Value(1)), output_field=IntegerField())), ) r = relativedelta(end_date, start_date) months_between = (r.years * 12) + r.months # include current month months_between += 1 weeks_between = int( ceil((((r.years * 12) + r.months) * 4.33) + (r.days / 7))) if weeks_between <= 0: weeks_between += 2 monthly_counts = get_period_counts(active_findings.qs, findings.qs, findings_closed, accepted_findings, months_between, start_date, relative_delta='months') weekly_counts = get_period_counts(active_findings.qs, findings.qs, findings_closed, accepted_findings, weeks_between, start_date, relative_delta='weeks') top_ten = Product.objects.filter( engagement__test__finding__verified=True, engagement__test__finding__false_p=False, engagement__test__finding__duplicate=False, engagement__test__finding__out_of_scope=False, engagement__test__finding__mitigated__isnull=True, engagement__test__finding__severity__in=('Critical', 'High', 'Medium', 'Low'), prod_type__in=prod_type).annotate( critical=Sum( Case(When(engagement__test__finding__severity='Critical', then=Value(1)), output_field=IntegerField())), high=Sum( Case(When(engagement__test__finding__severity='High', then=Value(1)), output_field=IntegerField())), medium=Sum( Case(When(engagement__test__finding__severity='Medium', then=Value(1)), output_field=IntegerField())), low=Sum( Case(When(engagement__test__finding__severity='Low', then=Value(1)), output_field=IntegerField())), total=Sum( Case(When(engagement__test__finding__severity__in=('Critical', 'High', 'Medium', 'Low'), then=Value(1)), output_field=IntegerField()))).order_by( '-critical', '-high', '-medium', '-low')[:10] age_detail = [0, 0, 0, 0] in_period_counts = { "Critical": 0, "High": 0, "Medium": 0, "Low": 0, "Info": 0, "Total": 0 } in_period_details = {} closed_in_period_counts = { "Critical": 0, "High": 0, "Medium": 0, "Low": 0, "Info": 0, "Total": 0 } closed_in_period_details = {} accepted_in_period_details = {} for finding in findings.qs: if 0 <= finding.sql_age <= 30: age_detail[0] += 1 elif 30 < finding.sql_age <= 60: age_detail[1] += 1 elif 60 < finding.sql_age <= 90: age_detail[2] += 1 elif finding.sql_age > 90: age_detail[3] += 1 in_period_counts[finding.severity] += 1 in_period_counts['Total'] += 1 if finding.test.engagement.product.name not in in_period_details: in_period_details[finding.test.engagement.product.name] = { 'path': reverse('view_product_findings', args=(finding.test.engagement.product.id, )), 'Critical': 0, 'High': 0, 'Medium': 0, 'Low': 0, 'Info': 0, 'Total': 0 } in_period_details[finding.test.engagement.product.name][ finding.severity] += 1 in_period_details[finding.test.engagement.product.name]['Total'] += 1 for finding in accepted_findings: if finding.test.engagement.product.name not in accepted_in_period_details: accepted_in_period_details[ finding.test.engagement.product.name] = { 'path': reverse('accepted_findings') + '?test__engagement__product=' + str(finding.test.engagement.product.id), 'Critical': 0, 'High': 0, 'Medium': 0, 'Low': 0, 'Info': 0, 'Total': 0 } accepted_in_period_details[finding.test.engagement.product.name][ finding.severity] += 1 accepted_in_period_details[ finding.test.engagement.product.name]['Total'] += 1 for f in findings_closed: closed_in_period_counts[f.severity] += 1 closed_in_period_counts['Total'] += 1 if f.test.engagement.product.name not in closed_in_period_details: closed_in_period_details[f.test.engagement.product.name] = { 'path': reverse('closed_findings') + '?test__engagement__product=' + str(f.test.engagement.product.id), 'Critical': 0, 'High': 0, 'Medium': 0, 'Low': 0, 'Info': 0, 'Total': 0 } closed_in_period_details[f.test.engagement.product.name][ f.severity] += 1 closed_in_period_details[f.test.engagement.product.name]['Total'] += 1 punchcard = list() ticks = list() highest_count = 0 if 'view' in request.GET and 'dashboard' == request.GET['view']: punchcard, ticks, highest_count = get_punchcard_data( findings.qs, weeks_between, start_date) page_name = (get_system_setting('team_name')) + " Metrics" template = 'dojo/dashboard-metrics.html' add_breadcrumb(title=page_name, top_level=not len(request.GET), request=request) return render( request, template, { 'name': page_name, 'start_date': start_date, 'end_date': end_date, 'findings': findings, 'opened_per_month': monthly_counts['opened_per_period'], 'active_per_month': monthly_counts['active_per_period'], 'opened_per_week': weekly_counts['opened_per_period'], 'accepted_per_month': monthly_counts['accepted_per_period'], 'accepted_per_week': weekly_counts['accepted_per_period'], 'top_ten_products': top_ten, 'age_detail': age_detail, 'in_period_counts': in_period_counts, 'in_period_details': in_period_details, 'accepted_in_period_counts': accepted_findings_counts, 'accepted_in_period_details': accepted_in_period_details, 'closed_in_period_counts': closed_in_period_counts, 'closed_in_period_details': closed_in_period_details, 'punchcard': punchcard, 'ticks': ticks, 'highest_count': highest_count, 'show_pt_filter': show_pt_filter, })
def view_product_metrics(request, pid): prod = get_object_or_404(Product, id=pid) engs = Engagement.objects.filter(product=prod, active=True) result = EngagementFilter( request.GET, queryset=Engagement.objects.filter(product=prod, active=False).order_by('-target_end')) i_engs_page = get_page_items(request, result.qs, 10) scan_sets = ScanSettings.objects.filter(product=prod) auth = request.user.is_staff or request.user in prod.authorized_users.all() if not auth: # will render 403 raise PermissionDenied ct = ContentType.objects.get_for_model(prod) product_cf = CustomField.objects.filter(content_type=ct) product_metadata = {} for cf in product_cf: cfv = CustomFieldValue.objects.filter(field=cf, object_id=prod.id) if len(cfv): product_metadata[cf.name] = cfv[0].value try: start_date = Finding.objects.filter(test__engagement__product=prod).order_by('date')[:1][0].date except: start_date = timezone.now() end_date = timezone.now() tests = Test.objects.filter(engagement__product=prod) risk_acceptances = Risk_Acceptance.objects.filter(engagement__in=Engagement.objects.filter(product=prod)) accepted_findings = [finding for ra in risk_acceptances for finding in ra.accepted_findings.all()] verified_findings = Finding.objects.filter(test__engagement__product=prod, date__range=[start_date, end_date], false_p=False, verified=True, duplicate=False, out_of_scope=False).order_by("date") week_date = end_date - timedelta(days=7) # seven days and /newnewer are considered "new" new_verified_findings = Finding.objects.filter(test__engagement__product=prod, date__range=[week_date, end_date], false_p=False, verified=True, duplicate=False, out_of_scope=False).order_by("date") open_findings = Finding.objects.filter(test__engagement__product=prod, date__range=[start_date, end_date], false_p=False, verified=True, duplicate=False, out_of_scope=False, active=True, mitigated__isnull=True) closed_findings = Finding.objects.filter(test__engagement__product=prod, date__range=[start_date, end_date], false_p=False, verified=True, duplicate=False, out_of_scope=False, mitigated__isnull=False) start_date = timezone.make_aware(datetime.combine(start_date, datetime.min.time())) r = relativedelta(end_date, start_date) weeks_between = int(ceil((((r.years * 12) + r.months) * 4.33) + (r.days / 7))) if weeks_between <= 0: weeks_between += 2 punchcard, ticks, highest_count = get_punchcard_data(verified_findings, weeks_between, start_date) add_breadcrumb(parent=prod, top_level=False, request=request) open_close_weekly = OrderedDict() new_weekly = OrderedDict() severity_weekly = OrderedDict() critical_weekly = OrderedDict() high_weekly = OrderedDict() medium_weekly = OrderedDict() for v in verified_findings: iso_cal = v.date.isocalendar() x = iso_to_gregorian(iso_cal[0], iso_cal[1], 1) y = x.strftime("<span class='small'>%m/%d<br/>%Y</span>") x = (tcalendar.timegm(x.timetuple()) * 1000) if x not in critical_weekly: critical_weekly[x] = {'count': 0, 'week': y} if x not in high_weekly: high_weekly[x] = {'count': 0, 'week': y} if x not in medium_weekly: medium_weekly[x] = {'count': 0, 'week': y} if x in open_close_weekly: if v.mitigated: open_close_weekly[x]['closed'] += 1 else: open_close_weekly[x]['open'] += 1 else: if v.mitigated: open_close_weekly[x] = {'closed': 1, 'open': 0, 'accepted': 0} else: open_close_weekly[x] = {'closed': 0, 'open': 1, 'accepted': 0} open_close_weekly[x]['week'] = y if x in severity_weekly: if v.severity in severity_weekly[x]: severity_weekly[x][v.severity] += 1 else: severity_weekly[x][v.severity] = 1 else: severity_weekly[x] = {'Critical': 0, 'High': 0, 'Medium': 0, 'Low': 0, 'Info': 0} severity_weekly[x][v.severity] = 1 severity_weekly[x]['week'] = y if v.severity == 'Critical': if x in critical_weekly: critical_weekly[x]['count'] += 1 else: critical_weekly[x] = {'count': 1, 'week': y} elif v.severity == 'High': if x in high_weekly: high_weekly[x]['count'] += 1 else: high_weekly[x] = {'count': 1, 'week': y} elif v.severity == 'Medium': if x in medium_weekly: medium_weekly[x]['count'] += 1 else: medium_weekly[x] = {'count': 1, 'week': y} for a in accepted_findings: iso_cal = a.date.isocalendar() x = iso_to_gregorian(iso_cal[0], iso_cal[1], 1) y = x.strftime("<span class='small'>%m/%d<br/>%Y</span>") x = (tcalendar.timegm(x.timetuple()) * 1000) if x in open_close_weekly: open_close_weekly[x]['accepted'] += 1 else: open_close_weekly[x] = {'closed': 0, 'open': 0, 'accepted': 1} open_close_weekly[x]['week'] = y test_data = {} for t in tests: if t.test_type.name in test_data: test_data[t.test_type.name] += t.verified_finding_count() else: test_data[t.test_type.name] = t.verified_finding_count() product_tab = Product_Tab(pid, title="Product", tab="metrics") return render(request, 'dojo/product_metrics.html', {'prod': prod, 'product_tab': product_tab, 'product_metadata': product_metadata, 'engs': engs, 'i_engs': i_engs_page, 'scan_sets': scan_sets, 'verified_findings': verified_findings, 'open_findings': open_findings, 'closed_findings': closed_findings, 'accepted_findings': accepted_findings, 'new_findings': new_verified_findings, 'start_date': start_date, 'punchcard': punchcard, 'ticks': ticks, 'highest_count': highest_count, 'open_close_weekly': open_close_weekly, 'severity_weekly': severity_weekly, 'critical_weekly': critical_weekly, 'high_weekly': high_weekly, 'medium_weekly': medium_weekly, 'test_data': test_data, 'user': request.user, 'authorized': auth})
def dashboard(request): now = timezone.now() seven_days_ago = now - timedelta(days=7) if request.user.is_superuser: engagement_count = Engagement.objects.filter(active=True).count() finding_count = Finding.objects.filter(verified=True, mitigated=None, duplicate=False, date__range=[seven_days_ago, now]).count() mitigated_count = Finding.objects.filter(mitigated__range=[seven_days_ago, now]).count() accepted_count = len([finding for ra in Risk_Acceptance.objects.filter( reporter=request.user, created__range=[seven_days_ago, now]) for finding in ra.accepted_findings.all()]) # forever counts findings = Finding.objects.filter(verified=True, duplicate=False) else: engagement_count = Engagement.objects.filter(lead=request.user, active=True).count() finding_count = Finding.objects.filter(reporter=request.user, verified=True, duplicate=False, mitigated=None, date__range=[seven_days_ago, now]).count() mitigated_count = Finding.objects.filter(mitigated_by=request.user, mitigated__range=[seven_days_ago, now]).count() accepted_count = len([finding for ra in Risk_Acceptance.objects.filter( reporter=request.user, created__range=[seven_days_ago, now]) for finding in ra.accepted_findings.all()]) # forever counts findings = Finding.objects.filter(reporter=request.user, verified=True, duplicate=True) sev_counts = {'Critical': 0, 'High': 0, 'Medium': 0, 'Low': 0, 'Info': 0} for finding in findings: if finding.severity: sev_counts[finding.severity] += 1 by_month = list() dates_to_use = [now, now - relativedelta(months=1), now - relativedelta(months=2), now - relativedelta(months=3), now - relativedelta(months=4), now - relativedelta(months=5), now - relativedelta(months=6)] for date_to_use in dates_to_use: sourcedata = {'y': date_to_use.strftime("%Y-%m"), 'a': 0, 'b': 0, 'c': 0, 'd': 0, 'e': 0} for finding in Finding.objects.filter( reporter=request.user, verified=True, duplicate=False, date__range=[datetime(date_to_use.year, date_to_use.month, 1, tzinfo=timezone.get_current_timezone()), datetime(date_to_use.year, date_to_use.month, monthrange(date_to_use.year, date_to_use.month)[1], tzinfo=timezone.get_current_timezone())]): if finding.severity == 'Critical': sourcedata['a'] += 1 elif finding.severity == 'High': sourcedata['b'] += 1 elif finding.severity == 'Medium': sourcedata['c'] += 1 elif finding.severity == 'Low': sourcedata['d'] += 1 elif finding.severity == 'Info': sourcedata['e'] += 1 by_month.append(sourcedata) start_date = now - timedelta(days=180) r = relativedelta(now, start_date) weeks_between = int(ceil((((r.years * 12) + r.months) * 4.33) + (r.days / 7))) if weeks_between <= 0: weeks_between += 2 punchcard, ticks, highest_count = get_punchcard_data(findings, weeks_between, start_date) add_breadcrumb(request=request, clear=True) return render(request, 'dojo/dashboard.html', {'engagement_count': engagement_count, 'finding_count': finding_count, 'mitigated_count': mitigated_count, 'accepted_count': accepted_count, 'critical': sev_counts['Critical'], 'high': sev_counts['High'], 'medium': sev_counts['Medium'], 'low': sev_counts['Low'], 'info': sev_counts['Info'], 'by_month': by_month, 'punchcard': punchcard, 'ticks': ticks, 'highest_count': highest_count})
def metrics(request, mtype): template = 'dojo/metrics.html' show_pt_filter = True view = identify_view(request) page_name = 'Product Type Metrics by ' age_detail = [0, 0, 0, 0] in_period_counts = { "Critical": 0, "High": 0, "Medium": 0, "Low": 0, "Info": 0, "Total": 0 } in_period_details = {} closed_in_period_counts = { "Critical": 0, "High": 0, "Medium": 0, "Low": 0, "Info": 0, "Total": 0 } closed_in_period_details = {} accepted_in_period_details = {} if mtype != 'All': pt = Product_Type.objects.filter(id=mtype) request.GET._mutable = True request.GET.appendlist('test__engagement__product__prod_type', mtype) request.GET._mutable = False mtype = pt[0].name show_pt_filter = False page_name = '%s Metrics' % mtype prod_type = pt elif 'test__engagement__product__prod_type' in request.GET: prod_type = Product_Type.objects.filter(id__in=request.GET.getlist( 'test__engagement__product__prod_type', [])) else: prod_type = Product_Type.objects.all() filters = dict() if view == 'Finding': page_name += 'Findings' filters = finding_querys(prod_type, request) elif view == 'Endpoint': page_name += 'Affected Endpoints' filters = endpoint_querys(prod_type, request) for obj in queryset_check(filters['all']): if view == 'Endpoint': obj = obj.finding if 0 <= obj.age <= 30: age_detail[0] += 1 elif 30 < obj.age <= 60: age_detail[1] += 1 elif 60 < obj.age <= 90: age_detail[2] += 1 elif obj.age > 90: age_detail[3] += 1 in_period_counts[obj.severity] += 1 in_period_counts['Total'] += 1 if obj.test.engagement.product.name not in in_period_details: in_period_details[obj.test.engagement.product.name] = { 'path': reverse('product_open_findings', args=(obj.test.engagement.product.id, )), 'Critical': 0, 'High': 0, 'Medium': 0, 'Low': 0, 'Info': 0, 'Total': 0 } in_period_details[obj.test.engagement.product.name][obj.severity] += 1 in_period_details[obj.test.engagement.product.name]['Total'] += 1 for obj in filters['accepted']: if view == 'Endpoint': obj = finding.finding if obj.test.engagement.product.name not in accepted_in_period_details: accepted_in_period_details[obj.test.engagement.product.name] = { 'path': reverse('accepted_findings') + '?test__engagement__product=' + str(obj.test.engagement.product.id), 'Critical': 0, 'High': 0, 'Medium': 0, 'Low': 0, 'Info': 0, 'Total': 0 } accepted_in_period_details[obj.test.engagement.product.name][ obj.severity] += 1 accepted_in_period_details[ obj.test.engagement.product.name]['Total'] += 1 for obj in filters['closed']: if view == 'Endpoint': obj = obj.finding closed_in_period_counts[obj.severity] += 1 closed_in_period_counts['Total'] += 1 if obj.test.engagement.product.name not in closed_in_period_details: closed_in_period_details[obj.test.engagement.product.name] = { 'path': reverse('closed_findings') + '?test__engagement__product=' + str(obj.test.engagement.product.id), 'Critical': 0, 'High': 0, 'Medium': 0, 'Low': 0, 'Info': 0, 'Total': 0 } closed_in_period_details[obj.test.engagement.product.name][ obj.severity] += 1 closed_in_period_details[ obj.test.engagement.product.name]['Total'] += 1 punchcard = list() ticks = list() monthly_counts = filters['monthly_counts'] weekly_counts = filters['weekly_counts'] if 'view' in request.GET and 'dashboard' == request.GET['view']: punchcard, ticks = get_punchcard_data(queryset_check(filters['all']), filters['start_date'], filters['weeks_between'], view) page_name = (get_system_setting('team_name')) + " Metrics" template = 'dojo/dashboard-metrics.html' add_breadcrumb(title=page_name, top_level=not len(request.GET), request=request) return render( request, template, { 'name': page_name, 'start_date': filters['start_date'], 'end_date': filters['end_date'], 'findings': filters['all'], 'opened_per_month': monthly_counts['opened_per_period'], 'active_per_month': monthly_counts['active_per_period'], 'opened_per_week': weekly_counts['opened_per_period'], 'accepted_per_month': monthly_counts['accepted_per_period'], 'accepted_per_week': weekly_counts['accepted_per_period'], 'top_ten_products': filters['top_ten'], 'age_detail': age_detail, 'in_period_counts': in_period_counts, 'in_period_details': in_period_details, 'accepted_in_period_counts': filters['accepted_count'], 'accepted_in_period_details': accepted_in_period_details, 'closed_in_period_counts': closed_in_period_counts, 'closed_in_period_details': closed_in_period_details, 'punchcard': punchcard, 'ticks': ticks, 'show_pt_filter': show_pt_filter, })
def view_product(request, pid): prod = get_object_or_404(Product, id=pid) engs = Engagement.objects.filter(product=prod, active=True) i_engs = Engagement.objects.filter(product=prod, active=False) scan_sets = ScanSettings.objects.filter(product=prod) auth = request.user.is_staff or request.user in prod.authorized_users.all() if not auth: # will render 403 raise PermissionDenied try: start_date = Finding.objects.filter(product=prod).order_by('date')[:1][0].date except: start_date = localtz.localize(datetime.today()) end_date = localtz.localize(datetime.today()) risk_acceptances = Risk_Acceptance.objects.filter(engagement__in=Engagement.objects.filter(product=prod)) accepted_findings = [finding for ra in risk_acceptances for finding in ra.accepted_findings.all()] verified_findings = Finding.objects.filter(product=prod, date__range=[start_date, end_date], false_p=False, verified=True, duplicate=False, out_of_scope=False) open_findings = Finding.objects.filter(product=prod, date__range=[start_date, end_date], false_p=False, verified=True, duplicate=False, out_of_scope=False, active=True, mitigated__isnull=True) closed_findings = Finding.objects.filter(product=prod, date__range=[start_date, end_date], false_p=False, verified=True, duplicate=False, out_of_scope=False, mitigated__isnull=False) start_date = localtz.localize(datetime.combine(start_date, datetime.min.time())) r = relativedelta(end_date, start_date) weeks_between = int(ceil((((r.years * 12) + r.months) * 4.33) + (r.days / 7))) if weeks_between <= 0: weeks_between += 2 punchcard, ticks, highest_count = get_punchcard_data(verified_findings, weeks_between, start_date) add_breadcrumb(parent=prod, top_level=False, request=request) return render(request, 'dojo/view_product.html', {'prod': prod, 'engs': engs, 'i_engs': i_engs, 'scan_sets': scan_sets, 'verified_findings': verified_findings, 'open_findings': open_findings, 'closed_findings': closed_findings, 'accepted_findings': accepted_findings, 'punchcard': punchcard, 'ticks': ticks, 'highest_count': highest_count, 'user': request.user, 'authorized': auth})
def view_product(request, pid): prod = get_object_or_404(Product, id=pid) engs = Engagement.objects.filter(product=prod, active=True) i_engs = Engagement.objects.filter(product=prod, active=False) scan_sets = ScanSettings.objects.filter(product=prod) auth = request.user.is_staff or request.user in prod.authorized_users.all() if not auth: # will render 403 raise PermissionDenied try: start_date = Finding.objects.filter( test__engagement__product=prod).order_by('date')[:1][0].date except: start_date = localtz.localize(datetime.today()) end_date = localtz.localize(datetime.today()) risk_acceptances = Risk_Acceptance.objects.filter( engagement__in=Engagement.objects.filter(product=prod)) accepted_findings = [ finding for ra in risk_acceptances for finding in ra.accepted_findings.all() ] verified_findings = Finding.objects.filter( test__engagement__product=prod, date__range=[start_date, end_date], false_p=False, verified=True, duplicate=False, out_of_scope=False) open_findings = Finding.objects.filter(test__engagement__product=prod, date__range=[start_date, end_date], false_p=False, verified=True, duplicate=False, out_of_scope=False, active=True, mitigated__isnull=True) closed_findings = Finding.objects.filter( test__engagement__product=prod, date__range=[start_date, end_date], false_p=False, verified=True, duplicate=False, out_of_scope=False, mitigated__isnull=False) start_date = localtz.localize( datetime.combine(start_date, datetime.min.time())) r = relativedelta(end_date, start_date) weeks_between = int( ceil((((r.years * 12) + r.months) * 4.33) + (r.days / 7))) if weeks_between <= 0: weeks_between += 2 punchcard, ticks, highest_count = get_punchcard_data( verified_findings, weeks_between, start_date) add_breadcrumb(parent=prod, top_level=False, request=request) return render( request, 'dojo/view_product.html', { 'prod': prod, 'engs': engs, 'i_engs': i_engs, 'scan_sets': scan_sets, 'verified_findings': verified_findings, 'open_findings': open_findings, 'closed_findings': closed_findings, 'accepted_findings': accepted_findings, 'punchcard': punchcard, 'ticks': ticks, 'highest_count': highest_count, 'user': request.user, 'authorized': auth })
def metrics(request, mtype): template = 'dojo/metrics.html' show_pt_filter = True view = identify_view(request) page_name = 'Product Type Metrics by ' if mtype != 'All': pt = Product_Type.objects.filter(id=mtype) request.GET._mutable = True request.GET.appendlist('test__engagement__product__prod_type', mtype) request.GET._mutable = False mtype = pt[0].name show_pt_filter = False page_name = '%s Metrics' % mtype prod_type = pt elif 'test__engagement__product__prod_type' in request.GET: prod_type = Product_Type.objects.filter(id__in=request.GET.getlist('test__engagement__product__prod_type', [])) else: prod_type = get_authorized_product_types(Permissions.Product_Type_View) # legacy code calls has 'prod_type' as 'related_name' for product.... so weird looking prefetch prod_type = prod_type.prefetch_related('prod_type', 'prod_type__authorized_users', 'authorized_users') filters = dict() if view == 'Finding': page_name += 'Findings' filters = finding_querys(prod_type, request) elif view == 'Endpoint': page_name += 'Affected Endpoints' filters = endpoint_querys(prod_type, request) in_period_counts, in_period_details, age_detail = get_in_period_details([ obj.finding if view == 'Endpoint' else obj for obj in queryset_check(filters['all']) ]) accepted_in_period_details = get_accepted_in_period_details([ obj.finding if view == 'Endpoint' else obj for obj in filters['accepted'] ]) closed_in_period_counts, closed_in_period_details = get_closed_in_period_details([ obj.finding if view == 'Endpoint' else obj for obj in filters['closed'] ]) punchcard = list() ticks = list() if 'view' in request.GET and 'dashboard' == request.GET['view']: punchcard, ticks = get_punchcard_data(queryset_check(filters['all']), filters['start_date'], filters['weeks_between'], view) page_name = (get_system_setting('team_name')) + " Metrics" template = 'dojo/dashboard-metrics.html' add_breadcrumb(title=page_name, top_level=not len(request.GET), request=request) return render(request, template, { 'name': page_name, 'start_date': filters['start_date'], 'end_date': filters['end_date'], 'findings': filters['all'], 'opened_per_month': filters['monthly_counts']['opened_per_period'], 'active_per_month': filters['monthly_counts']['active_per_period'], 'opened_per_week': filters['weekly_counts']['opened_per_period'], 'accepted_per_month': filters['monthly_counts']['accepted_per_period'], 'accepted_per_week': filters['weekly_counts']['accepted_per_period'], 'top_ten_products': filters['top_ten'], 'age_detail': age_detail, 'in_period_counts': in_period_counts, 'in_period_details': in_period_details, 'accepted_in_period_counts': filters['accepted_count'], 'accepted_in_period_details': accepted_in_period_details, 'closed_in_period_counts': closed_in_period_counts, 'closed_in_period_details': closed_in_period_details, 'punchcard': punchcard, 'ticks': ticks, 'show_pt_filter': show_pt_filter, })