def dashboard(request: HttpRequest) -> HttpResponse:
if request.user.is_staff:
engagements = Engagement.objects.all()
findings = Finding.objects.all()
else:
engagements = Engagement.objects.filter(
Q(product__authorized_users=request.user)
| Q(product__prod_type__authorized_users=request.user)).distinct()
findings = Finding.objects.filter(
Q(test__engagement__product__authorized_users=request.user)
| Q(test__engagement__product__prod_type__authorized_users=request.
user)).distinct()
findings = findings.filter(duplicate=False)
engagement_count = engagements.filter(active=True).count()
today = timezone.now().date()
date_range = [today - timedelta(days=6),
today] # 7 days (6 days plus today)
finding_count = findings\
.filter(created__date__range=date_range)\
.count()
mitigated_count = findings\
.filter(mitigated__date__range=date_range)\
.count()
accepted_count = findings\
.filter(risk_acceptance__created__date__range=date_range)\
.count()
severity_count_all = get_severities_all(findings)
severity_count_by_month = get_severities_by_month(findings, today)
punchcard, ticks = get_punchcard_data(findings,
today - relativedelta(weeks=26), 26)
unassigned_surveys = Answered_Survey.objects.filter(
assignee_id__isnull=True, completed__gt=0)
add_breadcrumb(request=request, clear=True)
return render(
request, 'dojo/dashboard.html', {
'engagement_count': engagement_count,
'finding_count': finding_count,
'mitigated_count': mitigated_count,
'accepted_count': accepted_count,
'critical': severity_count_all['Critical'],
'high': severity_count_all['High'],
'medium': severity_count_all['Medium'],
'low': severity_count_all['Low'],
'info': severity_count_all['Info'],
'by_month': severity_count_by_month,
'punchcard': punchcard,
'ticks': ticks,
'surveys': unassigned_surveys,
})
def dashboard(request: HttpRequest) -> HttpResponse:
engagements = get_authorized_engagements(Permissions.Engagement_View).distinct()
findings = get_authorized_findings(Permissions.Finding_View).distinct()
findings = findings.filter(duplicate=False)
engagement_count = engagements.filter(active=True).count()
today = timezone.now().date()
date_range = [today - timedelta(days=6), today] # 7 days (6 days plus today)
finding_count = findings\
.filter(created__date__range=date_range)\
.count()
mitigated_count = findings\
.filter(mitigated__date__range=date_range)\
.count()
accepted_count = findings\
.filter(risk_acceptance__created__date__range=date_range)\
.count()
severity_count_all = get_severities_all(findings)
severity_count_by_month = get_severities_by_month(findings, today)
punchcard, ticks = get_punchcard_data(findings, today - relativedelta(weeks=26), 26)
if user_has_configuration_permission(request.user, 'dojo.view_engagement_survey', 'staff'):
unassigned_surveys = Answered_Survey.objects.filter(assignee_id__isnull=True, completed__gt=0, ) \
.filter(Q(engagement__isnull=True) | Q(engagement__in=engagements))
else:
unassigned_surveys = None
if request.user.is_superuser and not settings.FEATURE_CONFIGURATION_AUTHORIZATION:
message = '''Legacy authorization for changing configurations based on staff users will be
removed with version 2.12.0 / 5. July 2022. If you have set
`FEATURE_CONFIGURATION_AUTHORIZATION` to `False` in your local configuration,
remove this local setting and start using the new authorization.'''
messages.add_message(request, messages.WARNING, message, extra_tags='alert-warning')
add_breadcrumb(request=request, clear=True)
return render(request, 'dojo/dashboard.html', {
'engagement_count': engagement_count,
'finding_count': finding_count,
'mitigated_count': mitigated_count,
'accepted_count': accepted_count,
'critical': severity_count_all['Critical'],
'high': severity_count_all['High'],
'medium': severity_count_all['Medium'],
'low': severity_count_all['Low'],
'info': severity_count_all['Info'],
'by_month': severity_count_by_month,
'punchcard': punchcard,
'ticks': ticks,
'surveys': unassigned_surveys,
})
def dashboard(request: HttpRequest) -> HttpResponse:
engagements = get_authorized_engagements(Permissions.Engagement_View).distinct()
findings = get_authorized_findings(Permissions.Finding_View).distinct()
findings = findings.filter(duplicate=False)
engagement_count = engagements.filter(active=True).count()
today = timezone.now().date()
date_range = [today - timedelta(days=6), today] # 7 days (6 days plus today)
finding_count = findings\
.filter(created__date__range=date_range)\
.count()
mitigated_count = findings\
.filter(mitigated__date__range=date_range)\
.count()
accepted_count = findings\
.filter(risk_acceptance__created__date__range=date_range)\
.count()
severity_count_all = get_severities_all(findings)
severity_count_by_month = get_severities_by_month(findings, today)
punchcard, ticks = get_punchcard_data(findings, today - relativedelta(weeks=26), 26)
if user_has_configuration_permission(request.user, 'dojo.view_engagement_survey', 'staff'):
unassigned_surveys = Answered_Survey.objects.filter(assignee_id__isnull=True, completed__gt=0, ) \
.filter(Q(engagement__isnull=True) | Q(engagement__in=engagements))
else:
unassigned_surveys = None
add_breadcrumb(request=request, clear=True)
return render(request, 'dojo/dashboard.html', {
'engagement_count': engagement_count,
'finding_count': finding_count,
'mitigated_count': mitigated_count,
'accepted_count': accepted_count,
'critical': severity_count_all['Critical'],
'high': severity_count_all['High'],
'medium': severity_count_all['Medium'],
'low': severity_count_all['Low'],
'info': severity_count_all['Info'],
'by_month': severity_count_by_month,
'punchcard': punchcard,
'ticks': ticks,
'surveys': unassigned_surveys,
})
def dashboard(request):
now = timezone.now()
seven_days_ago = now - timedelta(days=7)
if request.user.is_superuser:
engagement_count = Engagement.objects.filter(active=True).count()
finding_count = Finding.objects.filter(
verified=True, mitigated=None, date__range=[seven_days_ago,
now]).count()
mitigated_count = Finding.objects.filter(
mitigated__range=[seven_days_ago, now]).count()
accepted_count = len([
finding for ra in Risk_Acceptance.objects.filter(
reporter=request.user, created__range=[seven_days_ago, now])
for finding in ra.accepted_findings.all()
])
# forever counts
findings = Finding.objects.filter(verified=True)
else:
engagement_count = Engagement.objects.filter(lead=request.user,
active=True).count()
finding_count = Finding.objects.filter(
reporter=request.user,
verified=True,
mitigated=None,
date__range=[seven_days_ago, now]).count()
mitigated_count = Finding.objects.filter(
mitigated_by=request.user, mitigated__range=[seven_days_ago,
now]).count()
accepted_count = len([
finding for ra in Risk_Acceptance.objects.filter(
reporter=request.user, created__range=[seven_days_ago, now])
for finding in ra.accepted_findings.all()
])
# forever counts
findings = Finding.objects.filter(reporter=request.user, verified=True)
sev_counts = {'Critical': 0, 'High': 0, 'Medium': 0, 'Low': 0, 'Info': 0}
for finding in findings:
if finding.severity:
sev_counts[finding.severity] += 1
by_month = list()
dates_to_use = [
now, now - relativedelta(months=1), now - relativedelta(months=2),
now - relativedelta(months=3), now - relativedelta(months=4),
now - relativedelta(months=5), now - relativedelta(months=6)
]
for date_to_use in dates_to_use:
sourcedata = {
'y': date_to_use.strftime("%Y-%m"),
'a': 0,
'b': 0,
'c': 0,
'd': 0,
'e': 0
}
for finding in Finding.objects.filter(
reporter=request.user,
verified=True,
date__range=[
datetime(date_to_use.year,
date_to_use.month,
1,
tzinfo=timezone.get_current_timezone()),
datetime(date_to_use.year,
date_to_use.month,
monthrange(date_to_use.year,
date_to_use.month)[1],
tzinfo=timezone.get_current_timezone())
]):
if finding.severity == 'Critical':
sourcedata['a'] += 1
elif finding.severity == 'High':
sourcedata['b'] += 1
elif finding.severity == 'Medium':
sourcedata['c'] += 1
elif finding.severity == 'Low':
sourcedata['d'] += 1
elif finding.severity == 'Info':
sourcedata['e'] += 1
by_month.append(sourcedata)
start_date = now - timedelta(days=180)
r = relativedelta(now, start_date)
weeks_between = int(
ceil((((r.years * 12) + r.months) * 4.33) + (r.days / 7)))
if weeks_between <= 0:
weeks_between += 2
punchcard, ticks, highest_count = get_punchcard_data(
findings, weeks_between, start_date)
add_breadcrumb(request=request, clear=True)
return render(
request, 'dojo/dashboard.html', {
'engagement_count': engagement_count,
'finding_count': finding_count,
'mitigated_count': mitigated_count,
'accepted_count': accepted_count,
'critical': sev_counts['Critical'],
'high': sev_counts['High'],
'medium': sev_counts['Medium'],
'low': sev_counts['Low'],
'info': sev_counts['Info'],
'by_month': by_month,
'punchcard': punchcard,
'ticks': ticks,
'highest_count': highest_count
})
def metrics(request, mtype):
template = 'dojo/metrics.html'
page_name = 'Product Type Metrics'
show_pt_filter = True
findings = Finding.objects.filter(verified=True,
severity__in=('Critical', 'High', 'Medium', 'Low', 'Info')).prefetch_related(
'test__engagement__product',
'test__engagement__product__prod_type',
'test__engagement__risk_acceptance',
'risk_acceptance_set',
'reporter').extra(
select={
'ra_count': 'SELECT COUNT(*) FROM dojo_risk_acceptance INNER JOIN '
'dojo_risk_acceptance_accepted_findings ON '
'( dojo_risk_acceptance.id = dojo_risk_acceptance_accepted_findings.risk_acceptance_id ) '
'WHERE dojo_risk_acceptance_accepted_findings.finding_id = dojo_finding.id',
},
)
active_findings = Finding.objects.filter(verified=True, active=True,
severity__in=('Critical', 'High', 'Medium', 'Low', 'Info')).prefetch_related(
'test__engagement__product',
'test__engagement__product__prod_type',
'test__engagement__risk_acceptance',
'risk_acceptance_set',
'reporter').extra(
select={
'ra_count': 'SELECT COUNT(*) FROM dojo_risk_acceptance INNER JOIN '
'dojo_risk_acceptance_accepted_findings ON '
'( dojo_risk_acceptance.id = dojo_risk_acceptance_accepted_findings.risk_acceptance_id ) '
'WHERE dojo_risk_acceptance_accepted_findings.finding_id = dojo_finding.id',
},
)
if mtype != 'All':
pt = Product_Type.objects.filter(id=mtype)
request.GET._mutable = True
request.GET.appendlist('test__engagement__product__prod_type', mtype)
request.GET._mutable = False
mtype = pt[0].name
show_pt_filter = False
page_name = '%s Metrics' % mtype
prod_type = pt
elif 'test__engagement__product__prod_type' in request.GET:
prod_type = Product_Type.objects.filter(id__in=request.GET.getlist('test__engagement__product__prod_type', []))
else:
prod_type = Product_Type.objects.all()
findings = MetricsFindingFilter(request.GET, queryset=findings)
active_findings = MetricsFindingFilter(request.GET, queryset=active_findings)
findings.qs # this is needed to load details from filter since it is lazy
active_findings.qs # this is needed to load details from filter since it is lazy
start_date = findings.filters['date'].start_date
start_date = datetime(start_date.year,
start_date.month, start_date.day,
tzinfo=timezone.get_current_timezone())
end_date = findings.filters['date'].end_date
end_date = datetime(end_date.year,
end_date.month, end_date.day,
tzinfo=timezone.get_current_timezone())
if len(prod_type) > 0:
findings_closed = Finding.objects.filter(mitigated__range=[start_date, end_date],
test__engagement__product__prod_type__in=prod_type).prefetch_related(
'test__engagement__product')
# capture the accepted findings in period
accepted_findings = Finding.objects.filter(risk_acceptance__created__range=[start_date, end_date],
test__engagement__product__prod_type__in=prod_type). \
prefetch_related('test__engagement__product')
accepted_findings_counts = Finding.objects.filter(risk_acceptance__created__range=[start_date, end_date],
test__engagement__product__prod_type__in=prod_type). \
prefetch_related('test__engagement__product').aggregate(
total=Sum(
Case(When(severity__in=('Critical', 'High', 'Medium', 'Low'),
then=Value(1)),
output_field=IntegerField())),
critical=Sum(
Case(When(severity='Critical',
then=Value(1)),
output_field=IntegerField())),
high=Sum(
Case(When(severity='High',
then=Value(1)),
output_field=IntegerField())),
medium=Sum(
Case(When(severity='Medium',
then=Value(1)),
output_field=IntegerField())),
low=Sum(
Case(When(severity='Low',
then=Value(1)),
output_field=IntegerField())),
info=Sum(
Case(When(severity='Info',
then=Value(1)),
output_field=IntegerField())),
)
else:
findings_closed = Finding.objects.filter(mitigated__range=[start_date, end_date]).prefetch_related(
'test__engagement__product')
accepted_findings = Finding.objects.filter(risk_acceptance__created__range=[start_date, end_date]). \
prefetch_related('test__engagement__product')
accepted_findings_counts = Finding.objects.filter(risk_acceptance__created__range=[start_date, end_date]). \
prefetch_related('test__engagement__product').aggregate(
total=Sum(
Case(When(severity__in=('Critical', 'High', 'Medium', 'Low'),
then=Value(1)),
output_field=IntegerField())),
critical=Sum(
Case(When(severity='Critical',
then=Value(1)),
output_field=IntegerField())),
high=Sum(
Case(When(severity='High',
then=Value(1)),
output_field=IntegerField())),
medium=Sum(
Case(When(severity='Medium',
then=Value(1)),
output_field=IntegerField())),
low=Sum(
Case(When(severity='Low',
then=Value(1)),
output_field=IntegerField())),
info=Sum(
Case(When(severity='Info',
then=Value(1)),
output_field=IntegerField())),
)
r = relativedelta(end_date, start_date)
months_between = (r.years * 12) + r.months
# include current month
months_between += 1
weeks_between = int(ceil((((r.years * 12) + r.months) * 4.33) + (r.days / 7)))
if weeks_between <= 0:
weeks_between += 2
monthly_counts = get_period_counts(active_findings.qs, findings.qs, findings_closed, accepted_findings, months_between, start_date,
relative_delta='months')
weekly_counts = get_period_counts(active_findings.qs, findings.qs, findings_closed, accepted_findings, weeks_between, start_date,
relative_delta='weeks')
top_ten = Product.objects.filter(engagement__test__finding__verified=True,
engagement__test__finding__false_p=False,
engagement__test__finding__duplicate=False,
engagement__test__finding__out_of_scope=False,
engagement__test__finding__mitigated__isnull=True,
engagement__test__finding__severity__in=(
'Critical', 'High', 'Medium', 'Low'),
prod_type__in=prod_type).annotate(
critical=Sum(
Case(When(engagement__test__finding__severity='Critical', then=Value(1)),
output_field=IntegerField())
),
high=Sum(
Case(When(engagement__test__finding__severity='High', then=Value(1)),
output_field=IntegerField())
),
medium=Sum(
Case(When(engagement__test__finding__severity='Medium', then=Value(1)),
output_field=IntegerField())
),
low=Sum(
Case(When(engagement__test__finding__severity='Low', then=Value(1)),
output_field=IntegerField())
),
total=Sum(
Case(When(engagement__test__finding__severity__in=(
'Critical', 'High', 'Medium', 'Low'), then=Value(1)),
output_field=IntegerField()))
).order_by('-critical', '-high', '-medium', '-low')[:10]
age_detail = [0, 0, 0, 0]
in_period_counts = {"Critical": 0, "High": 0, "Medium": 0,
"Low": 0, "Info": 0, "Total": 0}
in_period_details = {}
closed_in_period_counts = {"Critical": 0, "High": 0, "Medium": 0,
"Low": 0, "Info": 0, "Total": 0}
closed_in_period_details = {}
accepted_in_period_details = {}
for finding in findings.qs:
if 0 <= finding.age <= 30:
age_detail[0] += 1
elif 30 < finding.age <= 60:
age_detail[1] += 1
elif 60 < finding.age <= 90:
age_detail[2] += 1
elif finding.age > 90:
age_detail[3] += 1
in_period_counts[finding.severity] += 1
in_period_counts['Total'] += 1
if finding.test.engagement.product.name not in in_period_details:
in_period_details[finding.test.engagement.product.name] = {
'path': reverse('view_product_findings', args=(finding.test.engagement.product.id,)),
'Critical': 0, 'High': 0, 'Medium': 0, 'Low': 0, 'Info': 0, 'Total': 0}
in_period_details[
finding.test.engagement.product.name
][finding.severity] += 1
in_period_details[finding.test.engagement.product.name]['Total'] += 1
for finding in accepted_findings:
if finding.test.engagement.product.name not in accepted_in_period_details:
accepted_in_period_details[finding.test.engagement.product.name] = {
'path': reverse('accepted_findings') + '?test__engagement__product=' + str(
finding.test.engagement.product.id),
'Critical': 0, 'High': 0, 'Medium': 0, 'Low': 0, 'Info': 0, 'Total': 0}
accepted_in_period_details[
finding.test.engagement.product.name
][finding.severity] += 1
accepted_in_period_details[finding.test.engagement.product.name]['Total'] += 1
for f in findings_closed:
closed_in_period_counts[f.severity] += 1
closed_in_period_counts['Total'] += 1
if f.test.engagement.product.name not in closed_in_period_details:
closed_in_period_details[f.test.engagement.product.name] = {
'path': reverse('closed_findings') + '?test__engagement__product=' + str(
f.test.engagement.product.id),
'Critical': 0, 'High': 0, 'Medium': 0, 'Low': 0, 'Info': 0, 'Total': 0}
closed_in_period_details[
f.test.engagement.product.name
][f.severity] += 1
closed_in_period_details[f.test.engagement.product.name]['Total'] += 1
punchcard = list()
ticks = list()
highest_count = 0
if 'view' in request.GET and 'dashboard' == request.GET['view']:
punchcard, ticks, highest_count = get_punchcard_data(findings.qs, weeks_between, start_date)
page_name = (get_system_setting('team_name')) + " Metrics"
template = 'dojo/dashboard-metrics.html'
add_breadcrumb(title=page_name, top_level=not len(request.GET), request=request)
return render(request, template, {
'name': page_name,
'start_date': start_date,
'end_date': end_date,
'findings': findings,
'opened_per_month': monthly_counts['opened_per_period'],
'active_per_month': monthly_counts['active_per_period'],
'opened_per_week': weekly_counts['opened_per_period'],
'accepted_per_month': monthly_counts['accepted_per_period'],
'accepted_per_week': weekly_counts['accepted_per_period'],
'top_ten_products': top_ten,
'age_detail': age_detail,
'in_period_counts': in_period_counts,
'in_period_details': in_period_details,
'accepted_in_period_counts': accepted_findings_counts,
'accepted_in_period_details': accepted_in_period_details,
'closed_in_period_counts': closed_in_period_counts,
'closed_in_period_details': closed_in_period_details,
'punchcard': punchcard,
'ticks': ticks,
'highest_count': highest_count,
'show_pt_filter': show_pt_filter,
})
def view_product_metrics(request, pid):
prod = get_object_or_404(Product, id=pid)
engs = Engagement.objects.filter(product=prod, active=True)
result = EngagementFilter(request.GET,
queryset=Engagement.objects.filter(
product=prod,
active=False).order_by('-target_end'))
i_engs_page = get_page_items(request, result.qs, 10)
scan_sets = ScanSettings.objects.filter(product=prod)
auth = request.user.is_staff or request.user in prod.authorized_users.all()
if not auth:
# will render 403
raise PermissionDenied
ct = ContentType.objects.get_for_model(prod)
product_cf = CustomField.objects.filter(content_type=ct)
product_metadata = {}
for cf in product_cf:
cfv = CustomFieldValue.objects.filter(field=cf, object_id=prod.id)
if len(cfv):
product_metadata[cf.name] = cfv[0].value
try:
start_date = Finding.objects.filter(
test__engagement__product=prod).order_by('date')[:1][0].date
except:
start_date = timezone.now()
end_date = timezone.now()
tests = Test.objects.filter(engagement__product=prod)
risk_acceptances = Risk_Acceptance.objects.filter(
engagement__in=Engagement.objects.filter(product=prod))
accepted_findings = [
finding for ra in risk_acceptances
for finding in ra.accepted_findings.all()
]
verified_findings = Finding.objects.filter(
test__engagement__product=prod,
date__range=[start_date, end_date],
false_p=False,
verified=True,
duplicate=False,
out_of_scope=False).order_by("date")
week_date = end_date - timedelta(
days=7) # seven days and /newnewer are considered "new"
new_verified_findings = Finding.objects.filter(
test__engagement__product=prod,
date__range=[week_date, end_date],
false_p=False,
verified=True,
duplicate=False,
out_of_scope=False).order_by("date")
open_findings = Finding.objects.filter(test__engagement__product=prod,
date__range=[start_date, end_date],
false_p=False,
verified=True,
duplicate=False,
out_of_scope=False,
active=True,
mitigated__isnull=True)
closed_findings = Finding.objects.filter(
test__engagement__product=prod,
date__range=[start_date, end_date],
false_p=False,
verified=True,
duplicate=False,
out_of_scope=False,
mitigated__isnull=False)
start_date = timezone.make_aware(
datetime.combine(start_date, datetime.min.time()))
r = relativedelta(end_date, start_date)
weeks_between = int(
ceil((((r.years * 12) + r.months) * 4.33) + (r.days / 7)))
if weeks_between <= 0:
weeks_between += 2
punchcard, ticks, highest_count = get_punchcard_data(
verified_findings, weeks_between, start_date)
add_breadcrumb(parent=prod, top_level=False, request=request)
open_close_weekly = OrderedDict()
new_weekly = OrderedDict()
severity_weekly = OrderedDict()
critical_weekly = OrderedDict()
high_weekly = OrderedDict()
medium_weekly = OrderedDict()
for v in verified_findings:
iso_cal = v.date.isocalendar()
x = iso_to_gregorian(iso_cal[0], iso_cal[1], 1)
y = x.strftime("<span class='small'>%m/%d<br/>%Y</span>")
x = (tcalendar.timegm(x.timetuple()) * 1000)
if x not in critical_weekly:
critical_weekly[x] = {'count': 0, 'week': y}
if x not in high_weekly:
high_weekly[x] = {'count': 0, 'week': y}
if x not in medium_weekly:
medium_weekly[x] = {'count': 0, 'week': y}
if x in open_close_weekly:
if v.mitigated:
open_close_weekly[x]['closed'] += 1
else:
open_close_weekly[x]['open'] += 1
else:
if v.mitigated:
open_close_weekly[x] = {'closed': 1, 'open': 0, 'accepted': 0}
else:
open_close_weekly[x] = {'closed': 0, 'open': 1, 'accepted': 0}
open_close_weekly[x]['week'] = y
if x in severity_weekly:
if v.severity in severity_weekly[x]:
severity_weekly[x][v.severity] += 1
else:
severity_weekly[x][v.severity] = 1
else:
severity_weekly[x] = {
'Critical': 0,
'High': 0,
'Medium': 0,
'Low': 0,
'Info': 0
}
severity_weekly[x][v.severity] = 1
severity_weekly[x]['week'] = y
if v.severity == 'Critical':
if x in critical_weekly:
critical_weekly[x]['count'] += 1
else:
critical_weekly[x] = {'count': 1, 'week': y}
elif v.severity == 'High':
if x in high_weekly:
high_weekly[x]['count'] += 1
else:
high_weekly[x] = {'count': 1, 'week': y}
elif v.severity == 'Medium':
if x in medium_weekly:
medium_weekly[x]['count'] += 1
else:
medium_weekly[x] = {'count': 1, 'week': y}
for a in accepted_findings:
iso_cal = a.date.isocalendar()
x = iso_to_gregorian(iso_cal[0], iso_cal[1], 1)
y = x.strftime("<span class='small'>%m/%d<br/>%Y</span>")
x = (tcalendar.timegm(x.timetuple()) * 1000)
if x in open_close_weekly:
open_close_weekly[x]['accepted'] += 1
else:
open_close_weekly[x] = {'closed': 0, 'open': 0, 'accepted': 1}
open_close_weekly[x]['week'] = y
test_data = {}
for t in tests:
if t.test_type.name in test_data:
test_data[t.test_type.name] += t.verified_finding_count()
else:
test_data[t.test_type.name] = t.verified_finding_count()
product_tab = Product_Tab(pid, title="Product", tab="metrics")
return render(
request, 'dojo/product_metrics.html', {
'prod': prod,
'product_tab': product_tab,
'product_metadata': product_metadata,
'engs': engs,
'i_engs': i_engs_page,
'scan_sets': scan_sets,
'verified_findings': verified_findings,
'open_findings': open_findings,
'closed_findings': closed_findings,
'accepted_findings': accepted_findings,
'new_findings': new_verified_findings,
'start_date': start_date,
'punchcard': punchcard,
'ticks': ticks,
'highest_count': highest_count,
'open_close_weekly': open_close_weekly,
'severity_weekly': severity_weekly,
'critical_weekly': critical_weekly,
'high_weekly': high_weekly,
'medium_weekly': medium_weekly,
'test_data': test_data,
'user': request.user,
'authorized': auth
})
def dashboard(request):
now = timezone.now()
seven_days_ago = now - timedelta(days=6) # 6 days plus today
if request.user.is_superuser:
engagement_count = Engagement.objects.filter(active=True).count()
finding_count = Finding.objects.filter(
verified=True,
mitigated=None,
duplicate=False,
date__range=[seven_days_ago, now]).count()
mitigated_count = Finding.objects.filter(
mitigated__date__range=[seven_days_ago, now]).count()
accepted_count = len([
finding for ra in Risk_Acceptance.objects.filter(
created__date__range=[seven_days_ago, now])
for finding in ra.accepted_findings.all()
])
findings = Finding.objects.filter(verified=True, duplicate=False)
# forever counts
else:
engagement_count = Engagement.objects.filter(lead=request.user,
active=True).count()
finding_count = Finding.objects.filter(
reporter=request.user,
verified=True,
duplicate=False,
mitigated=None,
date__range=[seven_days_ago, now]).count()
mitigated_count = Finding.objects.filter(
mitigated_by=request.user,
mitigated__date__range=[seven_days_ago, now]).count()
accepted_count = len([
finding for ra in Risk_Acceptance.objects.filter(
owner=request.user, created__date__range=[seven_days_ago, now])
for finding in ra.accepted_findings.all()
])
# forever counts
findings = Finding.objects.filter(reporter=request.user,
verified=True,
duplicate=False)
severity_count_all = get_severities_all(findings)
severity_count_by_month = get_severities_by_month(findings)
start_date = timezone.now() - relativedelta(weeks=26)
punchcard, ticks = get_punchcard_data(findings, start_date, 26)
unassigned_surveys = Answered_Survey.objects.all().filter(
assignee_id__isnull=True, completed__gt=0)
top_five = get_top5_products(request)
cve = get_cve(request)
add_breadcrumb(request=request, clear=True)
return render(
request, 'dojo/dashboard.html', {
'engagement_count': engagement_count,
'finding_count': finding_count,
'mitigated_count': mitigated_count,
'accepted_count': accepted_count,
'critical': severity_count_all['Critical'],
'high': severity_count_all['High'],
'medium': severity_count_all['Medium'],
'low': severity_count_all['Low'],
'info': severity_count_all['Info'],
'critical_cve': cve['Critical'],
'high_cve': cve['High'],
'medium_cve': cve['Medium'],
'low_cve': cve['Low'],
'info_cve': cve['Info'],
'by_month': severity_count_by_month,
'punchcard': punchcard,
'ticks': ticks,
'top_five_products': top_five,
'surveys': unassigned_surveys
})
def metrics(request, mtype):
template = 'dojo/metrics.html'
page_name = 'Product Type Metrics'
show_pt_filter = True
sql_age_query = ""
if "postgresql" in settings.DATABASES["default"]["ENGINE"]:
sql_age_query = """SELECT (CASE WHEN (dojo_finding.mitigated IS NULL)
THEN DATE_PART(\'day\', date::timestamp - dojo_finding.date::timestamp)
ELSE DATE_PART(\'day\', dojo_finding.mitigated::timestamp - dojo_finding.date::timestamp) END)"""
else:
sql_age_query = """SELECT IF(dojo_finding.mitigated IS NULL, DATEDIFF(CURDATE(), dojo_finding.date),
DATEDIFF(dojo_finding.mitigated, dojo_finding.date))"""
findings = Finding.objects.filter(
verified=True,
severity__in=('Critical', 'High', 'Medium', 'Low', 'Info')
).prefetch_related(
'test__engagement__product', 'test__engagement__product__prod_type',
'test__engagement__risk_acceptance', 'risk_acceptance_set', 'reporter'
).extra(select={
'ra_count':
'SELECT COUNT(*) FROM dojo_risk_acceptance INNER JOIN '
'dojo_risk_acceptance_accepted_findings ON '
'( dojo_risk_acceptance.id = dojo_risk_acceptance_accepted_findings.risk_acceptance_id ) '
'WHERE dojo_risk_acceptance_accepted_findings.finding_id = dojo_finding.id',
"sql_age":
sql_age_query
}, )
active_findings = Finding.objects.filter(
verified=True,
active=True,
severity__in=('Critical', 'High', 'Medium', 'Low', 'Info')
).prefetch_related(
'test__engagement__product', 'test__engagement__product__prod_type',
'test__engagement__risk_acceptance', 'risk_acceptance_set', 'reporter'
).extra(select={
'ra_count':
'SELECT COUNT(*) FROM dojo_risk_acceptance INNER JOIN '
'dojo_risk_acceptance_accepted_findings ON '
'( dojo_risk_acceptance.id = dojo_risk_acceptance_accepted_findings.risk_acceptance_id ) '
'WHERE dojo_risk_acceptance_accepted_findings.finding_id = dojo_finding.id',
"sql_age":
sql_age_query
}, )
if mtype != 'All':
pt = Product_Type.objects.filter(id=mtype)
request.GET._mutable = True
request.GET.appendlist('test__engagement__product__prod_type', mtype)
request.GET._mutable = False
mtype = pt[0].name
show_pt_filter = False
page_name = '%s Metrics' % mtype
prod_type = pt
elif 'test__engagement__product__prod_type' in request.GET:
prod_type = Product_Type.objects.filter(id__in=request.GET.getlist(
'test__engagement__product__prod_type', []))
else:
prod_type = Product_Type.objects.all()
findings = MetricsFindingFilter(request.GET, queryset=findings)
active_findings = MetricsFindingFilter(request.GET,
queryset=active_findings)
findings.qs # this is needed to load details from filter since it is lazy
active_findings.qs # this is needed to load details from filter since it is lazy
start_date = findings.filters['date'].start_date
start_date = datetime(start_date.year,
start_date.month,
start_date.day,
tzinfo=timezone.get_current_timezone())
end_date = findings.filters['date'].end_date
end_date = datetime(end_date.year,
end_date.month,
end_date.day,
tzinfo=timezone.get_current_timezone())
if len(prod_type) > 0:
findings_closed = Finding.objects.filter(
mitigated__range=[start_date, end_date],
test__engagement__product__prod_type__in=prod_type
).prefetch_related('test__engagement__product')
# capture the accepted findings in period
accepted_findings = Finding.objects.filter(risk_acceptance__created__range=[start_date, end_date],
test__engagement__product__prod_type__in=prod_type). \
prefetch_related('test__engagement__product')
accepted_findings_counts = Finding.objects.filter(risk_acceptance__created__range=[start_date, end_date],
test__engagement__product__prod_type__in=prod_type). \
prefetch_related('test__engagement__product').aggregate(
total=Sum(
Case(When(severity__in=('Critical', 'High', 'Medium', 'Low'),
then=Value(1)),
output_field=IntegerField())),
critical=Sum(
Case(When(severity='Critical',
then=Value(1)),
output_field=IntegerField())),
high=Sum(
Case(When(severity='High',
then=Value(1)),
output_field=IntegerField())),
medium=Sum(
Case(When(severity='Medium',
then=Value(1)),
output_field=IntegerField())),
low=Sum(
Case(When(severity='Low',
then=Value(1)),
output_field=IntegerField())),
info=Sum(
Case(When(severity='Info',
then=Value(1)),
output_field=IntegerField())),
)
else:
findings_closed = Finding.objects.filter(
mitigated__range=[start_date, end_date]).prefetch_related(
'test__engagement__product')
accepted_findings = Finding.objects.filter(risk_acceptance__created__range=[start_date, end_date]). \
prefetch_related('test__engagement__product')
accepted_findings_counts = Finding.objects.filter(risk_acceptance__created__range=[start_date, end_date]). \
prefetch_related('test__engagement__product').aggregate(
total=Sum(
Case(When(severity__in=('Critical', 'High', 'Medium', 'Low'),
then=Value(1)),
output_field=IntegerField())),
critical=Sum(
Case(When(severity='Critical',
then=Value(1)),
output_field=IntegerField())),
high=Sum(
Case(When(severity='High',
then=Value(1)),
output_field=IntegerField())),
medium=Sum(
Case(When(severity='Medium',
then=Value(1)),
output_field=IntegerField())),
low=Sum(
Case(When(severity='Low',
then=Value(1)),
output_field=IntegerField())),
info=Sum(
Case(When(severity='Info',
then=Value(1)),
output_field=IntegerField())),
)
r = relativedelta(end_date, start_date)
months_between = (r.years * 12) + r.months
# include current month
months_between += 1
weeks_between = int(
ceil((((r.years * 12) + r.months) * 4.33) + (r.days / 7)))
if weeks_between <= 0:
weeks_between += 2
monthly_counts = get_period_counts(active_findings.qs,
findings.qs,
findings_closed,
accepted_findings,
months_between,
start_date,
relative_delta='months')
weekly_counts = get_period_counts(active_findings.qs,
findings.qs,
findings_closed,
accepted_findings,
weeks_between,
start_date,
relative_delta='weeks')
top_ten = Product.objects.filter(
engagement__test__finding__verified=True,
engagement__test__finding__false_p=False,
engagement__test__finding__duplicate=False,
engagement__test__finding__out_of_scope=False,
engagement__test__finding__mitigated__isnull=True,
engagement__test__finding__severity__in=('Critical', 'High', 'Medium',
'Low'),
prod_type__in=prod_type).annotate(
critical=Sum(
Case(When(engagement__test__finding__severity='Critical',
then=Value(1)),
output_field=IntegerField())),
high=Sum(
Case(When(engagement__test__finding__severity='High',
then=Value(1)),
output_field=IntegerField())),
medium=Sum(
Case(When(engagement__test__finding__severity='Medium',
then=Value(1)),
output_field=IntegerField())),
low=Sum(
Case(When(engagement__test__finding__severity='Low',
then=Value(1)),
output_field=IntegerField())),
total=Sum(
Case(When(engagement__test__finding__severity__in=('Critical',
'High',
'Medium',
'Low'),
then=Value(1)),
output_field=IntegerField()))).order_by(
'-critical', '-high', '-medium', '-low')[:10]
age_detail = [0, 0, 0, 0]
in_period_counts = {
"Critical": 0,
"High": 0,
"Medium": 0,
"Low": 0,
"Info": 0,
"Total": 0
}
in_period_details = {}
closed_in_period_counts = {
"Critical": 0,
"High": 0,
"Medium": 0,
"Low": 0,
"Info": 0,
"Total": 0
}
closed_in_period_details = {}
accepted_in_period_details = {}
for finding in findings.qs:
if 0 <= finding.sql_age <= 30:
age_detail[0] += 1
elif 30 < finding.sql_age <= 60:
age_detail[1] += 1
elif 60 < finding.sql_age <= 90:
age_detail[2] += 1
elif finding.sql_age > 90:
age_detail[3] += 1
in_period_counts[finding.severity] += 1
in_period_counts['Total'] += 1
if finding.test.engagement.product.name not in in_period_details:
in_period_details[finding.test.engagement.product.name] = {
'path':
reverse('view_product_findings',
args=(finding.test.engagement.product.id, )),
'Critical':
0,
'High':
0,
'Medium':
0,
'Low':
0,
'Info':
0,
'Total':
0
}
in_period_details[finding.test.engagement.product.name][
finding.severity] += 1
in_period_details[finding.test.engagement.product.name]['Total'] += 1
for finding in accepted_findings:
if finding.test.engagement.product.name not in accepted_in_period_details:
accepted_in_period_details[
finding.test.engagement.product.name] = {
'path':
reverse('accepted_findings') +
'?test__engagement__product=' +
str(finding.test.engagement.product.id),
'Critical':
0,
'High':
0,
'Medium':
0,
'Low':
0,
'Info':
0,
'Total':
0
}
accepted_in_period_details[finding.test.engagement.product.name][
finding.severity] += 1
accepted_in_period_details[
finding.test.engagement.product.name]['Total'] += 1
for f in findings_closed:
closed_in_period_counts[f.severity] += 1
closed_in_period_counts['Total'] += 1
if f.test.engagement.product.name not in closed_in_period_details:
closed_in_period_details[f.test.engagement.product.name] = {
'path':
reverse('closed_findings') + '?test__engagement__product=' +
str(f.test.engagement.product.id),
'Critical':
0,
'High':
0,
'Medium':
0,
'Low':
0,
'Info':
0,
'Total':
0
}
closed_in_period_details[f.test.engagement.product.name][
f.severity] += 1
closed_in_period_details[f.test.engagement.product.name]['Total'] += 1
punchcard = list()
ticks = list()
highest_count = 0
if 'view' in request.GET and 'dashboard' == request.GET['view']:
punchcard, ticks, highest_count = get_punchcard_data(
findings.qs, weeks_between, start_date)
page_name = (get_system_setting('team_name')) + " Metrics"
template = 'dojo/dashboard-metrics.html'
add_breadcrumb(title=page_name,
top_level=not len(request.GET),
request=request)
return render(
request, template, {
'name': page_name,
'start_date': start_date,
'end_date': end_date,
'findings': findings,
'opened_per_month': monthly_counts['opened_per_period'],
'active_per_month': monthly_counts['active_per_period'],
'opened_per_week': weekly_counts['opened_per_period'],
'accepted_per_month': monthly_counts['accepted_per_period'],
'accepted_per_week': weekly_counts['accepted_per_period'],
'top_ten_products': top_ten,
'age_detail': age_detail,
'in_period_counts': in_period_counts,
'in_period_details': in_period_details,
'accepted_in_period_counts': accepted_findings_counts,
'accepted_in_period_details': accepted_in_period_details,
'closed_in_period_counts': closed_in_period_counts,
'closed_in_period_details': closed_in_period_details,
'punchcard': punchcard,
'ticks': ticks,
'highest_count': highest_count,
'show_pt_filter': show_pt_filter,
})
def view_product_metrics(request, pid):
prod = get_object_or_404(Product, id=pid)
engs = Engagement.objects.filter(product=prod, active=True)
result = EngagementFilter(
request.GET,
queryset=Engagement.objects.filter(product=prod, active=False).order_by('-target_end'))
i_engs_page = get_page_items(request, result.qs, 10)
scan_sets = ScanSettings.objects.filter(product=prod)
auth = request.user.is_staff or request.user in prod.authorized_users.all()
if not auth:
# will render 403
raise PermissionDenied
ct = ContentType.objects.get_for_model(prod)
product_cf = CustomField.objects.filter(content_type=ct)
product_metadata = {}
for cf in product_cf:
cfv = CustomFieldValue.objects.filter(field=cf, object_id=prod.id)
if len(cfv):
product_metadata[cf.name] = cfv[0].value
try:
start_date = Finding.objects.filter(test__engagement__product=prod).order_by('date')[:1][0].date
except:
start_date = timezone.now()
end_date = timezone.now()
tests = Test.objects.filter(engagement__product=prod)
risk_acceptances = Risk_Acceptance.objects.filter(engagement__in=Engagement.objects.filter(product=prod))
accepted_findings = [finding for ra in risk_acceptances
for finding in ra.accepted_findings.all()]
verified_findings = Finding.objects.filter(test__engagement__product=prod,
date__range=[start_date, end_date],
false_p=False,
verified=True,
duplicate=False,
out_of_scope=False).order_by("date")
week_date = end_date - timedelta(days=7) # seven days and /newnewer are considered "new"
new_verified_findings = Finding.objects.filter(test__engagement__product=prod,
date__range=[week_date, end_date],
false_p=False,
verified=True,
duplicate=False,
out_of_scope=False).order_by("date")
open_findings = Finding.objects.filter(test__engagement__product=prod,
date__range=[start_date, end_date],
false_p=False,
verified=True,
duplicate=False,
out_of_scope=False,
active=True,
mitigated__isnull=True)
closed_findings = Finding.objects.filter(test__engagement__product=prod,
date__range=[start_date, end_date],
false_p=False,
verified=True,
duplicate=False,
out_of_scope=False,
mitigated__isnull=False)
start_date = timezone.make_aware(datetime.combine(start_date, datetime.min.time()))
r = relativedelta(end_date, start_date)
weeks_between = int(ceil((((r.years * 12) + r.months) * 4.33) + (r.days / 7)))
if weeks_between <= 0:
weeks_between += 2
punchcard, ticks, highest_count = get_punchcard_data(verified_findings, weeks_between, start_date)
add_breadcrumb(parent=prod, top_level=False, request=request)
open_close_weekly = OrderedDict()
new_weekly = OrderedDict()
severity_weekly = OrderedDict()
critical_weekly = OrderedDict()
high_weekly = OrderedDict()
medium_weekly = OrderedDict()
for v in verified_findings:
iso_cal = v.date.isocalendar()
x = iso_to_gregorian(iso_cal[0], iso_cal[1], 1)
y = x.strftime("<span class='small'>%m/%d<br/>%Y</span>")
x = (tcalendar.timegm(x.timetuple()) * 1000)
if x not in critical_weekly:
critical_weekly[x] = {'count': 0, 'week': y}
if x not in high_weekly:
high_weekly[x] = {'count': 0, 'week': y}
if x not in medium_weekly:
medium_weekly[x] = {'count': 0, 'week': y}
if x in open_close_weekly:
if v.mitigated:
open_close_weekly[x]['closed'] += 1
else:
open_close_weekly[x]['open'] += 1
else:
if v.mitigated:
open_close_weekly[x] = {'closed': 1, 'open': 0, 'accepted': 0}
else:
open_close_weekly[x] = {'closed': 0, 'open': 1, 'accepted': 0}
open_close_weekly[x]['week'] = y
if x in severity_weekly:
if v.severity in severity_weekly[x]:
severity_weekly[x][v.severity] += 1
else:
severity_weekly[x][v.severity] = 1
else:
severity_weekly[x] = {'Critical': 0, 'High': 0,
'Medium': 0, 'Low': 0, 'Info': 0}
severity_weekly[x][v.severity] = 1
severity_weekly[x]['week'] = y
if v.severity == 'Critical':
if x in critical_weekly:
critical_weekly[x]['count'] += 1
else:
critical_weekly[x] = {'count': 1, 'week': y}
elif v.severity == 'High':
if x in high_weekly:
high_weekly[x]['count'] += 1
else:
high_weekly[x] = {'count': 1, 'week': y}
elif v.severity == 'Medium':
if x in medium_weekly:
medium_weekly[x]['count'] += 1
else:
medium_weekly[x] = {'count': 1, 'week': y}
for a in accepted_findings:
iso_cal = a.date.isocalendar()
x = iso_to_gregorian(iso_cal[0], iso_cal[1], 1)
y = x.strftime("<span class='small'>%m/%d<br/>%Y</span>")
x = (tcalendar.timegm(x.timetuple()) * 1000)
if x in open_close_weekly:
open_close_weekly[x]['accepted'] += 1
else:
open_close_weekly[x] = {'closed': 0, 'open': 0, 'accepted': 1}
open_close_weekly[x]['week'] = y
test_data = {}
for t in tests:
if t.test_type.name in test_data:
test_data[t.test_type.name] += t.verified_finding_count()
else:
test_data[t.test_type.name] = t.verified_finding_count()
product_tab = Product_Tab(pid, title="Product", tab="metrics")
return render(request,
'dojo/product_metrics.html',
{'prod': prod,
'product_tab': product_tab,
'product_metadata': product_metadata,
'engs': engs,
'i_engs': i_engs_page,
'scan_sets': scan_sets,
'verified_findings': verified_findings,
'open_findings': open_findings,
'closed_findings': closed_findings,
'accepted_findings': accepted_findings,
'new_findings': new_verified_findings,
'start_date': start_date,
'punchcard': punchcard,
'ticks': ticks,
'highest_count': highest_count,
'open_close_weekly': open_close_weekly,
'severity_weekly': severity_weekly,
'critical_weekly': critical_weekly,
'high_weekly': high_weekly,
'medium_weekly': medium_weekly,
'test_data': test_data,
'user': request.user,
'authorized': auth})
def dashboard(request):
now = timezone.now()
seven_days_ago = now - timedelta(days=7)
if request.user.is_superuser:
engagement_count = Engagement.objects.filter(active=True).count()
finding_count = Finding.objects.filter(verified=True,
mitigated=None,
duplicate=False,
date__range=[seven_days_ago,
now]).count()
mitigated_count = Finding.objects.filter(mitigated__range=[seven_days_ago,
now]).count()
accepted_count = len([finding for ra in Risk_Acceptance.objects.filter(
reporter=request.user, created__range=[seven_days_ago, now]) for finding in ra.accepted_findings.all()])
# forever counts
findings = Finding.objects.filter(verified=True, duplicate=False)
else:
engagement_count = Engagement.objects.filter(lead=request.user,
active=True).count()
finding_count = Finding.objects.filter(reporter=request.user,
verified=True,
duplicate=False,
mitigated=None,
date__range=[seven_days_ago,
now]).count()
mitigated_count = Finding.objects.filter(mitigated_by=request.user,
mitigated__range=[seven_days_ago,
now]).count()
accepted_count = len([finding for ra in Risk_Acceptance.objects.filter(
reporter=request.user, created__range=[seven_days_ago, now]) for finding in ra.accepted_findings.all()])
# forever counts
findings = Finding.objects.filter(reporter=request.user,
verified=True, duplicate=True)
sev_counts = {'Critical': 0,
'High': 0,
'Medium': 0,
'Low': 0,
'Info': 0}
for finding in findings:
if finding.severity:
sev_counts[finding.severity] += 1
by_month = list()
dates_to_use = [now,
now - relativedelta(months=1),
now - relativedelta(months=2),
now - relativedelta(months=3),
now - relativedelta(months=4),
now - relativedelta(months=5),
now - relativedelta(months=6)]
for date_to_use in dates_to_use:
sourcedata = {'y': date_to_use.strftime("%Y-%m"), 'a': 0, 'b': 0,
'c': 0, 'd': 0, 'e': 0}
for finding in Finding.objects.filter(
reporter=request.user,
verified=True,
duplicate=False,
date__range=[datetime(date_to_use.year,
date_to_use.month, 1,
tzinfo=timezone.get_current_timezone()),
datetime(date_to_use.year,
date_to_use.month,
monthrange(date_to_use.year,
date_to_use.month)[1],
tzinfo=timezone.get_current_timezone())]):
if finding.severity == 'Critical':
sourcedata['a'] += 1
elif finding.severity == 'High':
sourcedata['b'] += 1
elif finding.severity == 'Medium':
sourcedata['c'] += 1
elif finding.severity == 'Low':
sourcedata['d'] += 1
elif finding.severity == 'Info':
sourcedata['e'] += 1
by_month.append(sourcedata)
start_date = now - timedelta(days=180)
r = relativedelta(now, start_date)
weeks_between = int(ceil((((r.years * 12) + r.months) * 4.33) + (r.days / 7)))
if weeks_between <= 0:
weeks_between += 2
punchcard, ticks, highest_count = get_punchcard_data(findings, weeks_between, start_date)
add_breadcrumb(request=request, clear=True)
return render(request,
'dojo/dashboard.html',
{'engagement_count': engagement_count,
'finding_count': finding_count,
'mitigated_count': mitigated_count,
'accepted_count': accepted_count,
'critical': sev_counts['Critical'],
'high': sev_counts['High'],
'medium': sev_counts['Medium'],
'low': sev_counts['Low'],
'info': sev_counts['Info'],
'by_month': by_month,
'punchcard': punchcard,
'ticks': ticks,
'highest_count': highest_count})
def metrics(request, mtype):
template = 'dojo/metrics.html'
show_pt_filter = True
view = identify_view(request)
page_name = 'Product Type Metrics by '
age_detail = [0, 0, 0, 0]
in_period_counts = {
"Critical": 0,
"High": 0,
"Medium": 0,
"Low": 0,
"Info": 0,
"Total": 0
}
in_period_details = {}
closed_in_period_counts = {
"Critical": 0,
"High": 0,
"Medium": 0,
"Low": 0,
"Info": 0,
"Total": 0
}
closed_in_period_details = {}
accepted_in_period_details = {}
if mtype != 'All':
pt = Product_Type.objects.filter(id=mtype)
request.GET._mutable = True
request.GET.appendlist('test__engagement__product__prod_type', mtype)
request.GET._mutable = False
mtype = pt[0].name
show_pt_filter = False
page_name = '%s Metrics' % mtype
prod_type = pt
elif 'test__engagement__product__prod_type' in request.GET:
prod_type = Product_Type.objects.filter(id__in=request.GET.getlist(
'test__engagement__product__prod_type', []))
else:
prod_type = Product_Type.objects.all()
filters = dict()
if view == 'Finding':
page_name += 'Findings'
filters = finding_querys(prod_type, request)
elif view == 'Endpoint':
page_name += 'Affected Endpoints'
filters = endpoint_querys(prod_type, request)
for obj in queryset_check(filters['all']):
if view == 'Endpoint':
obj = obj.finding
if 0 <= obj.age <= 30:
age_detail[0] += 1
elif 30 < obj.age <= 60:
age_detail[1] += 1
elif 60 < obj.age <= 90:
age_detail[2] += 1
elif obj.age > 90:
age_detail[3] += 1
in_period_counts[obj.severity] += 1
in_period_counts['Total'] += 1
if obj.test.engagement.product.name not in in_period_details:
in_period_details[obj.test.engagement.product.name] = {
'path':
reverse('product_open_findings',
args=(obj.test.engagement.product.id, )),
'Critical':
0,
'High':
0,
'Medium':
0,
'Low':
0,
'Info':
0,
'Total':
0
}
in_period_details[obj.test.engagement.product.name][obj.severity] += 1
in_period_details[obj.test.engagement.product.name]['Total'] += 1
for obj in filters['accepted']:
if view == 'Endpoint':
obj = finding.finding
if obj.test.engagement.product.name not in accepted_in_period_details:
accepted_in_period_details[obj.test.engagement.product.name] = {
'path':
reverse('accepted_findings') + '?test__engagement__product=' +
str(obj.test.engagement.product.id),
'Critical':
0,
'High':
0,
'Medium':
0,
'Low':
0,
'Info':
0,
'Total':
0
}
accepted_in_period_details[obj.test.engagement.product.name][
obj.severity] += 1
accepted_in_period_details[
obj.test.engagement.product.name]['Total'] += 1
for obj in filters['closed']:
if view == 'Endpoint':
obj = obj.finding
closed_in_period_counts[obj.severity] += 1
closed_in_period_counts['Total'] += 1
if obj.test.engagement.product.name not in closed_in_period_details:
closed_in_period_details[obj.test.engagement.product.name] = {
'path':
reverse('closed_findings') + '?test__engagement__product=' +
str(obj.test.engagement.product.id),
'Critical':
0,
'High':
0,
'Medium':
0,
'Low':
0,
'Info':
0,
'Total':
0
}
closed_in_period_details[obj.test.engagement.product.name][
obj.severity] += 1
closed_in_period_details[
obj.test.engagement.product.name]['Total'] += 1
punchcard = list()
ticks = list()
monthly_counts = filters['monthly_counts']
weekly_counts = filters['weekly_counts']
if 'view' in request.GET and 'dashboard' == request.GET['view']:
punchcard, ticks = get_punchcard_data(queryset_check(filters['all']),
filters['start_date'],
filters['weeks_between'], view)
page_name = (get_system_setting('team_name')) + " Metrics"
template = 'dojo/dashboard-metrics.html'
add_breadcrumb(title=page_name,
top_level=not len(request.GET),
request=request)
return render(
request, template, {
'name': page_name,
'start_date': filters['start_date'],
'end_date': filters['end_date'],
'findings': filters['all'],
'opened_per_month': monthly_counts['opened_per_period'],
'active_per_month': monthly_counts['active_per_period'],
'opened_per_week': weekly_counts['opened_per_period'],
'accepted_per_month': monthly_counts['accepted_per_period'],
'accepted_per_week': weekly_counts['accepted_per_period'],
'top_ten_products': filters['top_ten'],
'age_detail': age_detail,
'in_period_counts': in_period_counts,
'in_period_details': in_period_details,
'accepted_in_period_counts': filters['accepted_count'],
'accepted_in_period_details': accepted_in_period_details,
'closed_in_period_counts': closed_in_period_counts,
'closed_in_period_details': closed_in_period_details,
'punchcard': punchcard,
'ticks': ticks,
'show_pt_filter': show_pt_filter,
})
def view_product(request, pid):
prod = get_object_or_404(Product, id=pid)
engs = Engagement.objects.filter(product=prod, active=True)
i_engs = Engagement.objects.filter(product=prod, active=False)
scan_sets = ScanSettings.objects.filter(product=prod)
auth = request.user.is_staff or request.user in prod.authorized_users.all()
if not auth:
# will render 403
raise PermissionDenied
try:
start_date = Finding.objects.filter(product=prod).order_by('date')[:1][0].date
except:
start_date = localtz.localize(datetime.today())
end_date = localtz.localize(datetime.today())
risk_acceptances = Risk_Acceptance.objects.filter(engagement__in=Engagement.objects.filter(product=prod))
accepted_findings = [finding for ra in risk_acceptances
for finding in ra.accepted_findings.all()]
verified_findings = Finding.objects.filter(product=prod,
date__range=[start_date, end_date],
false_p=False,
verified=True,
duplicate=False,
out_of_scope=False)
open_findings = Finding.objects.filter(product=prod,
date__range=[start_date, end_date],
false_p=False,
verified=True,
duplicate=False,
out_of_scope=False,
active=True,
mitigated__isnull=True)
closed_findings = Finding.objects.filter(product=prod,
date__range=[start_date, end_date],
false_p=False,
verified=True,
duplicate=False,
out_of_scope=False,
mitigated__isnull=False)
start_date = localtz.localize(datetime.combine(start_date, datetime.min.time()))
r = relativedelta(end_date, start_date)
weeks_between = int(ceil((((r.years * 12) + r.months) * 4.33) + (r.days / 7)))
if weeks_between <= 0:
weeks_between += 2
punchcard, ticks, highest_count = get_punchcard_data(verified_findings, weeks_between, start_date)
add_breadcrumb(parent=prod, top_level=False, request=request)
return render(request,
'dojo/view_product.html',
{'prod': prod,
'engs': engs,
'i_engs': i_engs,
'scan_sets': scan_sets,
'verified_findings': verified_findings,
'open_findings': open_findings,
'closed_findings': closed_findings,
'accepted_findings': accepted_findings,
'punchcard': punchcard,
'ticks': ticks,
'highest_count': highest_count,
'user': request.user,
'authorized': auth})
def view_product(request, pid):
prod = get_object_or_404(Product, id=pid)
engs = Engagement.objects.filter(product=prod, active=True)
i_engs = Engagement.objects.filter(product=prod, active=False)
scan_sets = ScanSettings.objects.filter(product=prod)
auth = request.user.is_staff or request.user in prod.authorized_users.all()
if not auth:
# will render 403
raise PermissionDenied
try:
start_date = Finding.objects.filter(
test__engagement__product=prod).order_by('date')[:1][0].date
except:
start_date = localtz.localize(datetime.today())
end_date = localtz.localize(datetime.today())
risk_acceptances = Risk_Acceptance.objects.filter(
engagement__in=Engagement.objects.filter(product=prod))
accepted_findings = [
finding for ra in risk_acceptances
for finding in ra.accepted_findings.all()
]
verified_findings = Finding.objects.filter(
test__engagement__product=prod,
date__range=[start_date, end_date],
false_p=False,
verified=True,
duplicate=False,
out_of_scope=False)
open_findings = Finding.objects.filter(test__engagement__product=prod,
date__range=[start_date, end_date],
false_p=False,
verified=True,
duplicate=False,
out_of_scope=False,
active=True,
mitigated__isnull=True)
closed_findings = Finding.objects.filter(
test__engagement__product=prod,
date__range=[start_date, end_date],
false_p=False,
verified=True,
duplicate=False,
out_of_scope=False,
mitigated__isnull=False)
start_date = localtz.localize(
datetime.combine(start_date, datetime.min.time()))
r = relativedelta(end_date, start_date)
weeks_between = int(
ceil((((r.years * 12) + r.months) * 4.33) + (r.days / 7)))
if weeks_between <= 0:
weeks_between += 2
punchcard, ticks, highest_count = get_punchcard_data(
verified_findings, weeks_between, start_date)
add_breadcrumb(parent=prod, top_level=False, request=request)
return render(
request, 'dojo/view_product.html', {
'prod': prod,
'engs': engs,
'i_engs': i_engs,
'scan_sets': scan_sets,
'verified_findings': verified_findings,
'open_findings': open_findings,
'closed_findings': closed_findings,
'accepted_findings': accepted_findings,
'punchcard': punchcard,
'ticks': ticks,
'highest_count': highest_count,
'user': request.user,
'authorized': auth
})
def metrics(request, mtype):
template = 'dojo/metrics.html'
show_pt_filter = True
view = identify_view(request)
page_name = 'Product Type Metrics by '
if mtype != 'All':
pt = Product_Type.objects.filter(id=mtype)
request.GET._mutable = True
request.GET.appendlist('test__engagement__product__prod_type', mtype)
request.GET._mutable = False
mtype = pt[0].name
show_pt_filter = False
page_name = '%s Metrics' % mtype
prod_type = pt
elif 'test__engagement__product__prod_type' in request.GET:
prod_type = Product_Type.objects.filter(id__in=request.GET.getlist('test__engagement__product__prod_type', []))
else:
prod_type = get_authorized_product_types(Permissions.Product_Type_View)
# legacy code calls has 'prod_type' as 'related_name' for product.... so weird looking prefetch
prod_type = prod_type.prefetch_related('prod_type', 'prod_type__authorized_users', 'authorized_users')
filters = dict()
if view == 'Finding':
page_name += 'Findings'
filters = finding_querys(prod_type, request)
elif view == 'Endpoint':
page_name += 'Affected Endpoints'
filters = endpoint_querys(prod_type, request)
in_period_counts, in_period_details, age_detail = get_in_period_details([
obj.finding if view == 'Endpoint' else obj
for obj in queryset_check(filters['all'])
])
accepted_in_period_details = get_accepted_in_period_details([
obj.finding if view == 'Endpoint' else obj
for obj in filters['accepted']
])
closed_in_period_counts, closed_in_period_details = get_closed_in_period_details([
obj.finding if view == 'Endpoint' else obj
for obj in filters['closed']
])
punchcard = list()
ticks = list()
if 'view' in request.GET and 'dashboard' == request.GET['view']:
punchcard, ticks = get_punchcard_data(queryset_check(filters['all']), filters['start_date'], filters['weeks_between'], view)
page_name = (get_system_setting('team_name')) + " Metrics"
template = 'dojo/dashboard-metrics.html'
add_breadcrumb(title=page_name, top_level=not len(request.GET), request=request)
return render(request, template, {
'name': page_name,
'start_date': filters['start_date'],
'end_date': filters['end_date'],
'findings': filters['all'],
'opened_per_month': filters['monthly_counts']['opened_per_period'],
'active_per_month': filters['monthly_counts']['active_per_period'],
'opened_per_week': filters['weekly_counts']['opened_per_period'],
'accepted_per_month': filters['monthly_counts']['accepted_per_period'],
'accepted_per_week': filters['weekly_counts']['accepted_per_period'],
'top_ten_products': filters['top_ten'],
'age_detail': age_detail,
'in_period_counts': in_period_counts,
'in_period_details': in_period_details,
'accepted_in_period_counts': filters['accepted_count'],
'accepted_in_period_details': accepted_in_period_details,
'closed_in_period_counts': closed_in_period_counts,
'closed_in_period_details': closed_in_period_details,
'punchcard': punchcard,
'ticks': ticks,
'show_pt_filter': show_pt_filter,
})
