kulinacs
diff --git a/‎README.md‎
Lines changed: 1 addition & 1 deletion b/‎README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎SPONSORING.md‎
Lines changed: 25 additions & 0 deletions b/‎SPONSORING.md‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎dojo/forms.py‎
Lines changed: 12 additions & 4 deletions b/‎dojo/forms.py‎
Lines changed: 12 additions & 4 deletions
diff --git a/‎dojo/models.py‎
Lines changed: 31 additions & 10 deletions b/‎dojo/models.py‎
Lines changed: 31 additions & 10 deletions
diff --git a/‎dojo/rules/urls.py‎
Lines changed: 2 additions & 0 deletions b/‎dojo/rules/urls.py‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎dojo/rules/views.py‎
Lines changed: 64 additions & 27 deletions b/‎dojo/rules/views.py‎
Lines changed: 64 additions & 27 deletions
diff --git a/‎dojo/templates/dojo/delete_product.html‎
Lines changed: 1 addition & 1 deletion b/‎dojo/templates/dojo/delete_product.html‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎dojo/templates/dojo/delete_rule.html‎
Lines changed: 28 additions & 0 deletions b/‎dojo/templates/dojo/delete_rule.html‎
Lines changed: 28 additions & 0 deletions
@@ -109,7 +109,7 @@ Proceeds are used for testing, infrastructure, etc.
 
 [![Xing](https://raw.githubusercontent.com/DefectDojo/Documentation/master/doc/img/XING_logo.png)](https://corporate.xing.com/en/about-xing/security/)
 
-Interested in becoming a sponsor and having your logo displayed? Please email [email protected]
+Interested in becoming a sponsor and having your logo displayed? Please review our [sponsorship information](SPONSORING.md) or email [email protected]
 
 # License
 
 
@@ -0,0 +1,25 @@
+On April 5th, 2018, OWASP clarified their sponsorship requirements to note that time, software, or any other quantifiable contribution can be counted towards the $1000 threshold outlined by the [OWASP Global Policy](https://www.owasp.org/index.php/Project_Sponsorship_Operational_Guidelines).
+
+Below is our sponsorship guidelines to provide further clarification specific to our project for non-monetary contributions:
+
+**Maintainers**
+
+As a maintainer, you invest a significant number of hours reviewing code, contributing code, validating architecture, and helping the community. With the time you contribute, maintainers are entitled to name a sponsor, whether it be your employer or yourself, as long as you have written permission to have the entity’s logo displayed on the wiki and on our github repository. Should your relationship end with the entity you have designated (i.e. change of jobs) the entity will be grandfathered for calendar year at the time of your change.
+
+**Contributors**
+
+Contributors who earn 100 Sponsorship Points in a calendar year will qualify for sponsorship status. Sponsorship Points are available in the following forms. 
+
+For reporting a bug that is verified, the contributor will receive 10 point. 
+
+For merged pull requests, points will be awarded as follows:
+
+1 - 10 lines = 1 Point
+
+11 - 20 lines = 2 Points
+
+21- 30 lines = 3 Points
+
+Etc, etc
+	
+Issues will also be labeled with points. When a fix is merged, the contributor will receive the corresponding points, and the points associated with the line rewards above.
@@ -18,7 +18,7 @@
     Development_Environment, Dojo_User, Scan, Endpoint, Stub_Finding, Finding_Template, Report, FindingImage, \
     JIRA_Issue, JIRA_PKey, JIRA_Conf, UserContactInfo, Tool_Type, Tool_Configuration, Tool_Product_Settings, \
     Cred_User, Cred_Mapping, System_Settings, Notifications, Languages, Language_Type, App_Analysis, Objects, \
-    Benchmark_Product, Benchmark_Requirement, Benchmark_Product_Summary, Rule
+    Benchmark_Product, Benchmark_Requirement, Benchmark_Product_Summary, Rule, Child_Rule
 
 RE_DATE = re.compile(r'(\d{4})-(\d\d?)-(\d\d?)$')
 
@@ -1637,15 +1637,23 @@ class Meta:
         exclude = ['key_product']
 
 
-RuleFormSet = modelformset_factory(Rule, extra=2, max_num=10, exclude=[''], can_delete=True)
+class ChildRuleForm(forms.ModelForm):
+
+    class Meta:
+        model = Child_Rule
+        exclude = ['key_product']
+
+
+RuleFormSet = modelformset_factory(Child_Rule, extra=2, max_num=10, exclude=[''], can_delete=True)
 
 
 class DeleteRuleForm(forms.ModelForm):
+    id = forms.IntegerField(required=True,
+                            widget=forms.widgets.HiddenInput())
 
     class Meta:
         model = Rule
-        exclude = ['']
-
+        fields = ('id',)
 
 class CredUserForm(forms.ModelForm):
     # selenium_script = forms.FileField(widget=forms.widgets.FileInput(
 
@@ -1820,17 +1820,17 @@ class Meta:
         unique_together = [('product', 'benchmark_type')]
 
 
-product_opts = [f.name for f in Product._meta.fields]
-test_opts = [f.name for f in Test._meta.fields]
-test_type_opts = [f.name for f in Test_Type._meta.fields]
+# product_opts = [f.name for f in Product._meta.fields]
+# test_opts = [f.name for f in Test._meta.fields]
+# test_type_opts = [f.name for f in Test_Type._meta.fields]
 finding_opts = [f.name for f in Finding._meta.fields]
-endpoint_opts = [f.name for f in Endpoint._meta.fields]
-engagement_opts = [f.name for f in Engagement._meta.fields]
-product_type_opts = [f.name for f in Product_Type._meta.fields]
-single_options = product_opts + test_opts + test_type_opts + finding_opts + \
-                 endpoint_opts + engagement_opts + product_type_opts
+# endpoint_opts = [f.name for f in Endpoint._meta.fields]
+# engagement_opts = [f.name for f in Engagement._meta.fields]
+# product_type_opts = [f.name for f in Product_Type._meta.fields]
+# single_options = product_opts + test_opts + test_type_opts + finding_opts + \
+#                  endpoint_opts + engagement_opts + product_type_opts
 all_options = []
-for x in single_options:
+for x in finding_opts:
     all_options.append((x, x))
 operator_options = (('Matches', 'Matches'),
                     ('Contains', 'Contains'))
@@ -1846,10 +1846,13 @@ class Rule(models.Model):
     enabled = models.BooleanField(default=True)
     text = models.TextField()
     operator = models.CharField(max_length=30, choices=operator_options)
+    """
     model_object_options = (('Product', 'Product'),
                             ('Engagement', 'Engagement'), ('Test', 'Test'),
                             ('Finding', 'Finding'), ('Endpoint', 'Endpoint'),
                             ('Product Type', 'Product_Type'), ('Test Type', 'Test_Type'))
+    """
+    model_object_options = (('Finding', 'Finding'),)
     model_object = models.CharField(max_length=30, choices=model_object_options)
     match_field = models.CharField(max_length=200, choices=all_options)
     match_text = models.TextField()
@@ -1858,10 +1861,28 @@ class Rule(models.Model):
     # TODO: Add or ?
     # and_rules = models.ManyToManyField('self')
     applied_field = models.CharField(max_length=200, choices=(all_options))
-    child_rules = models.ManyToManyField('self', editable=False, null=True)
+    child_rules = models.ManyToManyField('self', editable=False)
     parent_rule = models.ForeignKey('self', editable=False, null=True)
 
 
+class Child_Rule(models.Model):
+    # add UI notification to let people know what rules were applied
+    operator = models.CharField(max_length=30, choices=operator_options)
+    """
+    model_object_options = (('Product', 'Product'),
+                            ('Engagement', 'Engagement'), ('Test', 'Test'),
+                            ('Finding', 'Finding'), ('Endpoint', 'Endpoint'),
+                            ('Product Type', 'Product_Type'), ('Test Type', 'Test_Type'))
+    """
+    model_object_options = (('Finding', 'Finding'),)
+    model_object = models.CharField(max_length=30, choices=model_object_options)
+    match_field = models.CharField(max_length=200, choices=all_options)
+    match_text = models.TextField()
+    # TODO: Add or ?
+    # and_rules = models.ManyToManyField('self')
+    parent_rule = models.ForeignKey(Rule, editable=False, null=True)
+
+
 class FieldRule(models.Model):
     field = models.CharField(max_length=200)
     update_options = (('Append', 'Append'),
 
@@ -6,5 +6,7 @@
     url(r'^rule/add', views.new_rule, name='Add Rule'),
     url(r'^rule/(?P<pid>\d+)/edit$', views.edit_rule,
         name='Edit Rule'),
+    url(r'^rule/(?P<pid>\d+)/add_child', views.add_child,
+        name='Add Child'),
     url(r'^rule/(?P<tid>\d+)/delete$', views.delete_rule,
         name='Delete Rule'), ]
@@ -1,6 +1,7 @@
 # Standard library imports
 import json
 import logging
+import sys
 
 # Third party imports
 from django.contrib import messages
@@ -12,8 +13,8 @@
 # Local application/library imports
 from dojo.models import Rule,\
     System_Settings, Finding, Test, Test_Type, Engagement, \
-    Product, Product_Type
-from dojo.forms import RuleFormSet, DeleteRuleForm
+    Product, Product_Type, Child_Rule
+from dojo.forms import RuleFormSet, DeleteRuleForm, RuleForm
 from dojo.utils import add_breadcrumb
 
 logger = logging.getLogger(__name__)
@@ -45,23 +46,50 @@ def rules(request):
         'rules': initial_queryset})
 
 
-@user_passes_test(lambda u: u.is_staff)
 def new_rule(request):
     if request.method == 'POST':
-        form = RuleFormSet(request.POST)
-        match_f = request.POST.get('match_field')
-        apply_f = request.POST.get('applied_field')
+        form = RuleForm(request.POST)
         if form.is_valid():
-            form.save()
+            rule = form.save()
             messages.add_message(request,
                                  messages.SUCCESS,
                                  'Rule created successfully.',
                                  extra_tags='alert-success')
+            if "_Add Child" in request.POST:
+                return HttpResponseRedirect(reverse('Add Child', args=(rule.id,)))
             return HttpResponseRedirect(reverse('rules'))
-    form = RuleFormSet(queryset=Rule.objects.none())
+    form = RuleForm()
+    add_breadcrumb(title="New Dojo Rule", top_level=False, request=request)
+    return render(request, 'dojo/new_rule2.html',
+                  {'form': form,
+                   'finding_fields': finding_fields,
+                   'test_fields': test_fields,
+                   'engagement_fields': engagement_fields,
+                   'product_fields': product_fields,
+                   'product_type_fields': product_type_fields,
+                   'field_dictionary': json.dumps(field_dictionary)})
+
+
+@user_passes_test(lambda u: u.is_staff)
+def add_child(request, pid):
+    rule = get_object_or_404(Rule, pk=pid)
+    if request.method == 'POST':
+        forms = RuleFormSet(request.POST)
+        for form in forms:
+            if form.is_valid():
+                cr = form.save(commit=False)
+                cr.parent_rule = rule
+                cr.save()
+                messages.add_message(request,
+                                     messages.SUCCESS,
+                                     'Rule created successfully.',
+                                     extra_tags='alert-success')
+                return HttpResponseRedirect(reverse('rules'))
+    form = RuleFormSet(queryset=Child_Rule.objects.filter(parent_rule=rule))
     add_breadcrumb(title="New Dojo Rule", top_level=False, request=request)
     return render(request, 'dojo/new_rule.html',
                   {'form': form,
+                   'pid': pid,
                    'finding_fields': finding_fields,
                    'test_fields': test_fields,
                    'engagement_fields': engagement_fields,
@@ -75,18 +103,20 @@ def edit_rule(request, pid):
     pt = get_object_or_404(Rule, pk=pid)
     children = Rule.objects.filter(parent_rule=pt)
     all_rules = children | Rule.objects.filter(pk=pid)
-    form = RuleFormSet(queryset=all_rules)
+    form = RuleForm(instance=pt)
     if request.method == 'POST':
-        form = RuleFormSet(request.POST)
+        form = RuleForm(request.POST, instance=pt)
         if form.is_valid():
             pt = form.save()
             messages.add_message(request,
                                  messages.SUCCESS,
                                  'Rule updated successfully.',
                                  extra_tags='alert-success')
+            if "_Add Child" in request.POST:
+                return HttpResponseRedirect(reverse('Add Child', args=(pt.id,)))
             return HttpResponseRedirect(reverse('rules'))
     add_breadcrumb(title="Edit Rule", top_level=False, request=request)
-    return render(request, 'dojo/edit_rule2.html', {
+    return render(request, 'dojo/edit_rule.html', {
         'name': 'Edit Rule',
         'metric': False,
         'user': request.user,
@@ -96,32 +126,39 @@ def edit_rule(request, pid):
 
 
 @user_passes_test(lambda u: u.is_staff)
-def delete_rule(request, pid):
-    product = get_object_or_404(Rule, pk=pid)
-    form = DeleteRuleForm(instance=product)
+def delete_rule(request, tid):
+    rule = get_object_or_404(Rule, pk=tid)
+    form = DeleteRuleForm(instance=rule)
 
     from django.contrib.admin.utils import NestedObjects
     from django.db import DEFAULT_DB_ALIAS
 
     collector = NestedObjects(using=DEFAULT_DB_ALIAS)
-    collector.collect([product])
+    collector.collect([rule])
     rels = collector.nested()
 
     if request.method == 'POST':
-        if 'id' in request.POST and str(product.id) == request.POST['id']:
-            form = DeleteRuleForm(request.POST, instance=product)
-            if form.is_valid():
-                product.delete()
-                messages.add_message(request,
-                                     messages.SUCCESS,
-                                     'Rule deleted.',
-                                     extra_tags='alert-success')
-                return HttpResponseRedirect(reverse('Rules'))
+        print >> sys.stderr, 'id' in request.POST
+        print >> sys.stderr, str(rule.id) == request.POST['id']
+        print >> sys.stderr, str(rule.id) == request.POST['id']
+        # if 'id' in request.POST and str(rule.id) == request.POST['id']:
+        form = DeleteRuleForm(request.POST, instance=rule)
+        print >> sys.stderr, form.is_valid()
+        print >> sys.stderr, form.errors
+        print >> sys.stderr, form.non_field_errors()
+        print >> sys.stderr, 'id' in request.POST
+        if form.is_valid():
+            rule.delete()
+            messages.add_message(request,
+                                 messages.SUCCESS,
+                                 'Rule deleted.',
+                                 extra_tags='alert-success')
+            return HttpResponseRedirect(reverse('rules'))
 
-    add_breadcrumb(parent=product, title="Delete", top_level=False, request=request)
+    add_breadcrumb(parent=rule, title="Delete", top_level=False, request=request)
     system_settings = System_Settings.objects.get()
-    return render(request, 'dojo/delete_product.html',
-                  {'product': product,
+    return render(request, 'dojo/delete_rule.html',
+                  {'rule': rule,
                    'form': form,
                    'active_tab': 'findings',
                    'system_settings': system_settings,
 
@@ -1,4 +1,4 @@
-{% extends "base.html" %}
+delete_product.html{% extends "base.html" %}
 {% block content %}
     <h3> Delete Product {{ product }}</h3>
     <p>
 
@@ -0,0 +1,28 @@
+delete_product.html{% extends "base.html" %}
+{% block content %}
+    <h3> Delete Rule {{ rule }}</h3>
+    <p>
+        Deleting this rule will remove any related objects associated
+        with it. These relationships are listed below:
+    </p>
+    <div class="danger-zone panel panel-danger">
+        <div class="panel-heading">
+            <h3>Danger Zone</h3>
+        </div>
+        {% if rels|length > 1 %}
+            <ul class="left">{{ rels|unordered_list }}</ul>
+        {% else %}
+            <p class="text-center">No relationships found.</p>
+        {% endif %}
+        <form class="form-horizontal" method="post">
+            {% csrf_token %}
+            {{ form }}
+
+            <div class="form-group">
+                <button class="btn btn-danger" type="submit" name="delete_name" value="delete_test">Delete Rule</button>
+            </div>
+        </form>
+    </div>
+    <br/>
+    <br/>
+{% endblock %}
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-{% extends "base.html" %}`
	`1`	`+delete_product.html{% extends "base.html" %}`
`2`	`2`	`{% block content %}`
`3`	`3`	`<h3> Delete Product {{ product }}</h3>`
`4`	`4`	`<p>`