Added criticality justification, steps to reproduce, hotkey fix and sla update

aaronweaver · aaronweaver · commit e2dfbe49ff1d · 2018-07-24T10:27:28.000-04:00
diff --git a/dojo/__init__.py b/dojo/__init__.py
@@ -4,7 +4,7 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa
 
-__version__ = '1.5.0'
+__version__ = '1.5.1'
 __url__ = 'https://github.com/DefectDojo/django-DefectDojo'
 __docs__ = 'http://defectdojo.readthedocs.io/'
 __demo__ = 'http://defectdojo.pythonanywhere.com/'
diff --git a/dojo/models.py b/dojo/models.py
@@ -933,10 +933,12 @@ class Finding(models.Model):
     date = models.DateField(default=get_current_date)
     cwe = models.IntegerField(default=0, null=True, blank=True)
     url = models.TextField(null=True, blank=True, editable=False)
-    severity = models.CharField(max_length=200)
+    severity = models.CharField(max_length=200, help_text="The severity level of this flaw (Critical, High, Medium, Low, Informational)")
     description = models.TextField()
     mitigation = models.TextField()
     impact = models.TextField()
+    steps_to_reproduce = models.TextField(null=True, blank=True)
+    severity_justification = models.TextField(null=True, blank=True)
     endpoints = models.ManyToManyField(Endpoint, blank=True, )
     unsaved_endpoints = []
     unsaved_request = None
@@ -1086,10 +1088,19 @@ def age(self):
         return days if days > 0 else 0
 
     def sla(self):
+        sla_calculation = None
         severity = self.severity
         from dojo.utils import get_system_setting
         sla_age = get_system_setting('sla_' + self.severity.lower())
-        return sla_age - self.age()
+        if sla_age and self.active:
+            sla_calculation = sla_age - self.age()
+        elif sla_age and self.mitigated:
+            age = self.age()
+            if age < sla_age:
+                sla_calculation = 0
+            else:
+                sla_calculation = sla_age - age
+        return sla_calculation
 
     def jira(self):
         try:
diff --git a/dojo/static/dojo/css/dojo.css b/dojo/static/dojo/css/dojo.css
@@ -551,6 +551,14 @@ form ul#id_accepted_findings input {
     background-color: green;
 }
 
+.age-blue {
+    background-color: blue;
+}
+
+.age-orange {
+    background-color: #EE7600;
+}
+
 .dojo-search {
     clear: right !important;
     display: inline-block !important;
diff --git a/dojo/templates/dojo/engagement_pdf_report.html b/dojo/templates/dojo/engagement_pdf_report.html
@@ -329,6 +329,14 @@ <h6>Response {{forloop.counter}}</h6>
 
                     <h6>Impact</h6>
                     <pre>{{ finding.impact|markdown_render }}</pre>
+                    {% if finding.steps_to_reproduce %}
+                    <h6>Steps to Reproduce</h6>
+                    <pre>{{ finding.steps_to_reproduce|markdown_render }}</pre>
+                    {% endif %}
+                    {% if finding.severity_justification %}
+                    <h6>Severity Justification</h6>
+                    <pre>{{ finding.severity_justification|markdown_render }}</pre>
+                    {% endif %}
                     <h6>References</h6>
                     <pre>{{ finding.references|markdown_render }}</pre>
                     {% if include_finding_images %}
diff --git a/dojo/templates/dojo/product_pdf_report.html b/dojo/templates/dojo/product_pdf_report.html
@@ -311,6 +311,14 @@ <h6>Response {{forloop.counter}}</h6>
 
                     <h6>Impact</h6>
                     <pre>{{ finding.impact|markdown_render }}</pre>
+                    {% if finding.steps_to_reproduce %}
+                    <h6>Steps to Reproduce</h6>
+                    <pre>{{ finding.steps_to_reproduce|markdown_render }}</pre>
+                    {% endif %}
+                    {% if finding.severity_justification %}
+                    <h6>Severity Justification</h6>
+                    <pre>{{ finding.severity_justification|markdown_render }}</pre>
+                    {% endif %}
                     {% if finding.references %}
                     <h6>References</h6>
                     <pre>{{ finding.references|markdown_render }}</pre>
diff --git a/dojo/templates/dojo/test_pdf_report.html b/dojo/templates/dojo/test_pdf_report.html
@@ -312,6 +312,14 @@ <h6>Response {{forloop.counter}}</h6>
 
                     <h6>Impact</h6>
                     <pre>{{ finding.impact|markdown_render }}</pre>
+                    {% if finding.steps_to_reproduce %}
+                    <h6>Steps to Reproduce</h6>
+                    <pre>{{ finding.steps_to_reproduce|markdown_render }}</pre>
+                    {% endif %}
+                    {% if finding.severity_justification %}
+                    <h6>Severity Justification</h6>
+                    <pre>{{ finding.severity_justification|markdown_render }}</pre>
+                    {% endif %}
                     <h6>References</h6>
                     <pre>{{ finding.references|markdown_render }}</pre>
                     {% if include_finding_images %}
diff --git a/dojo/templates/dojo/view_eng.html b/dojo/templates/dojo/view_eng.html
@@ -436,7 +436,7 @@ <h3 class="panel-title"><span class="fa fa-info-circle fa-fw" aria-hidden="true"
   </div>
   {% if eng.engagement_type == "CI/CD" %}
   <div>
-    <div class="panel panel-default">
+    <div class="panel panel-default-secondary">
       <div class="panel-heading">
         <h3 class="panel-title"><span class="fa fa-server" aria-hidden="true"></span>
           CI/CD Engagement Details
@@ -593,18 +593,21 @@ <h4><span class="fa fa-key" aria-hidden="true"></span>
 {% endblock %}
 {% block postscript %}
     <script type="text/javascript" src="{% static "jquery-highlight/jquery.highlight.js" %}"></script>
+    <script type="application/javascript" src="{% static "jquery.hotkeys/jquery.hotkeys.js" %}"></script>
         <script type="text/javascript">
         $(function () {
-            $(document).on('keypress', function(e) {
-                var key = String.fromCharCode(e.which);
-                if (key =='e') {
-                  window.location.assign('{% url 'edit_engagement' eng.id %}');
-                } else if (key === 'a') {
-                  window.location.assign('{% url 'add_tests' eng.id %}');
-                } else if (key === 'i') {
-                  window.location.assign('{% url 'import_scan_results' eng.id %}');
-                }
+            $(document).on('keypress', null, 'e', function () {
+              window.location.assign('{% url 'edit_engagement' eng.id %}');
+            });
+
+            $(document).on('keypress', null, 'a', function () {
+                window.location.assign('{% url 'add_tests' eng.id %}');
             });
+
+            $(document).on('keypress', null, 'i', function () {
+                window.location.assign('{% url 'import_scan_results' eng.id %}');
+            });
+
             $(document).ready(function(){
               $('[data-toggle="tooltip"]').tooltip();
             });
diff --git a/dojo/templates/dojo/view_finding.html b/dojo/templates/dojo/view_finding.html
@@ -489,6 +489,26 @@ <h4>Impact <span class="pull-right"><a data-toggle="collapse" href="#vuln_impact
             </div>
         </div>
 
+        <div class="panel panel-default">
+            <div class="panel-heading">
+                <h4>Steps To Reproduce <span class="pull-right"><a data-toggle="collapse" href="#vuln_refs"><i
+                        class="glyphicon glyphicon-chevron-up"></i></a></span></h4>
+            </div>
+            <div id="vuln_refs" class="panel-body collapse in">
+                <pre>{{ finding.steps_to_reproduce|markdown_render }}</pre>
+            </div>
+        </div>
+
+        <div class="panel panel-default">
+            <div class="panel-heading">
+                <h4>Severity Justification <span class="pull-right"><a data-toggle="collapse" href="#vuln_refs"><i
+                        class="glyphicon glyphicon-chevron-up"></i></a></span></h4>
+            </div>
+            <div id="vuln_refs" class="panel-body collapse in">
+                <pre>{{ finding.severity_justification|markdown_render }}</pre>
+            </div>
+        </div>
+
         <div class="panel panel-default">
             <div class="panel-heading">
                 <h4>References <span class="pull-right"><a data-toggle="collapse" href="#vuln_refs"><i
diff --git a/dojo/templatetags/display_tags.py b/dojo/templatetags/display_tags.py
@@ -246,17 +246,32 @@ def paginator_value(page):
 
 @register.filter(name='finding_sla')
 def finding_sla(finding):
+    if not get_system_setting('enable_finding_sla'):
+        return ""
+
+    title = ""
     severity = finding.severity
     find_sla = finding.sla()
     sla_age = get_system_setting('sla_' + severity.lower())
-    status = "green"
-    status_text = 'Remediation for ' + severity.lower() + ' findings in ' + str(sla_age) + ' days or less'
-    if find_sla < 0:
-        status = "red"
-        find_sla = abs(find_sla)
-        status_text = 'Overdue: Remediation for ' + severity.lower() + ' findings in ' + str(sla_age) + ' days or less'
-    title = '<a data-toggle="tooltip" data-placement="bottom" title="" href="#" data-original-title="' + status_text + '">' \
-            '<span class="label severity age-' + status + '">' + str(find_sla) + '</span></a>'
+    if finding.mitigated:
+        status = "blue"
+        status_text = 'Remediated within SLA for ' + severity.lower() + ' findings (' + str(sla_age) + ' days)'
+        if find_sla and find_sla < 0:
+            status = "orange"
+            find_sla = abs(find_sla)
+            status_text = 'Out of SLA: Remediatied ' + str(find_sla) + ' days past SLA for ' + severity.lower() + ' findings (' + str(sla_age) + ' days)'
+    else:
+        status = "green"
+        status_text = 'Remediation for ' + severity.lower() + ' findings in ' + str(sla_age) + ' days or less'
+        if find_sla and find_sla < 0:
+            status = "red"
+            find_sla = abs(find_sla)
+            status_text = 'Overdue: Remediation for ' + severity.lower() + ' findings in ' + str(sla_age) + ' days or less'
+
+    if find_sla is not None:
+        title = '<a data-toggle="tooltip" data-placement="bottom" title="" href="#" data-original-title="' + status_text + '">' \
+                '<span class="label severity age-' + status + '">' + str(find_sla) + '</span></a>'
+
     return mark_safe(title)
 
 
diff --git a/setup.py b/setup.py
@@ -4,7 +4,7 @@
 
 setup(
     name='DefectDojo',
-    version='1.5.0',
+    version='1.5.1',
     author='Greg Anderson',
     description="Tool for managing vulnerability engagements",
     install_requires=[
