diff --git a/api/src/reportcreator_api/pentests/migrations/0057_alter_historicalprojecttype_finding_fields_and_more.py b/api/src/reportcreator_api/pentests/migrations/0057_alter_historicalprojecttype_finding_fields_and_more.py new file mode 100644 index 000000000..7b0cb425e --- /dev/null +++ b/api/src/reportcreator_api/pentests/migrations/0057_alter_historicalprojecttype_finding_fields_and_more.py 
@@ -0,0 +1,78 @@ +# Generated by Django 5.1 on 2024-08-30 09:56 + +import django.core.serializers.json +import reportcreator_api.archive.crypto.fields +import reportcreator_api.pentests.customfields.predefined_fields +import reportcreator_api.pentests.customfields.types +import reportcreator_api.pentests.customfields.validators +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('pentests', '0056_change_field_definition_format'), + ] + + operations = [ + migrations.AlterField( + model_name='historicalprojecttype', + name='finding_fields', + field=models.JSONField(blank=True, default=reportcreator_api.pentests.customfields.predefined_fields.finding_fields_default, encoder=django.core.serializers.json.DjangoJSONEncoder, validators=[reportcreator_api.pentests.customfields.validators.FieldDefinitionValidator(core_fields=reportcreator_api.pentests.customfields.types.FieldDefinition(fields=[reportcreator_api.pentests.customfields.types.StringField(default='TODO: Finding Title', id='title', label='Title', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['CORE'], spellcheck=True)]), predefined_fields=reportcreator_api.pentests.customfields.types.FieldDefinition(fields=[reportcreator_api.pentests.customfields.types.CvssField(default='n/a', id='cvss', label='CVSS', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED']), reportcreator_api.pentests.customfields.types.MarkdownField(default='TODO: High-level summary', id='summary', label='Summary', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=True), reportcreator_api.pentests.customfields.types.MarkdownField(default='TODO: detailed technical description what this findings is about and how it can be exploited', id='description', label='Technical Description', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=True), 
reportcreator_api.pentests.customfields.types.StringField(default=None, id='precondition', label='Precondition', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=True, spellcheck=True), reportcreator_api.pentests.customfields.types.MarkdownField(default='TODO: impact of finding', id='impact', label='Impact', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=True), reportcreator_api.pentests.customfields.types.MarkdownField(default='TODO: how to fix the vulnerability', id='recommendation', label='Recommendation', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=True), reportcreator_api.pentests.customfields.types.StringField(default='TODO: short recommendation', id='short_recommendation', label='Short Recommendation', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=True, spellcheck=True), reportcreator_api.pentests.customfields.types.ListField(id='references', items=reportcreator_api.pentests.customfields.types.StringField(default=None, label='Reference', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED']), label='References', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=False), reportcreator_api.pentests.customfields.types.ListField(id='affected_components', items=reportcreator_api.pentests.customfields.types.StringField(default='TODO: affected component', label='Component', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED']), label='Affected Components', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=True), reportcreator_api.pentests.customfields.types.EnumField(choices=[reportcreator_api.pentests.customfields.types.EnumChoice(label='A01:2021 - Broken Access Control', value='A01_2021'), reportcreator_api.pentests.customfields.types.EnumChoice(label='A02:2021 - 
Cryptographic Failures', value='A02_2021'), reportcreator_api.pentests.customfields.types.EnumChoice(label='A03:2021 - Injection', value='A03_2021'), reportcreator_api.pentests.customfields.types.EnumChoice(label='A04:2021 - Insecure Design', value='A04_2021'), reportcreator_api.pentests.customfields.types.EnumChoice(label='A05:2021 - Security Misconfiguration', value='A05_2021'), reportcreator_api.pentests.customfields.types.EnumChoice(label='A06:2021 - Vulnerable and Outdated Components', value='A06_2021'), reportcreator_api.pentests.customfields.types.EnumChoice(label='A07:2021 - Identification and Authentication Failures', value='A07_2021'), reportcreator_api.pentests.customfields.types.EnumChoice(label='A08:2021 - Software and Data Integrity Failures', value='A08_2021'), reportcreator_api.pentests.customfields.types.EnumChoice(label='A09:2021 - Security Logging and Monitoring Failures', value='A09_2021'), reportcreator_api.pentests.customfields.types.EnumChoice(label='A10:2021 - Server-Side Request Forgery (SSRF)', value='A10_2021')], default=None, id='owasp_top10_2021', label='OWASP Top 10 - 2021', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=True), reportcreator_api.pentests.customfields.types.EnumField(choices=[reportcreator_api.pentests.customfields.types.EnumChoice(label='INFO - Information Gathering', value='INFO'), reportcreator_api.pentests.customfields.types.EnumChoice(label='CONF - Configuration and Deployment Management', value='CONF'), reportcreator_api.pentests.customfields.types.EnumChoice(label='IDNT - Identity Management', value='IDNT'), reportcreator_api.pentests.customfields.types.EnumChoice(label='ATHN - Authentication', value='ATHN'), reportcreator_api.pentests.customfields.types.EnumChoice(label='ATHZ - Authorization', value='ATHZ'), reportcreator_api.pentests.customfields.types.EnumChoice(label='SESS - Session Management', value='SESS'), 
reportcreator_api.pentests.customfields.types.EnumChoice(label='INPV - Input Validation', value='INPV'), reportcreator_api.pentests.customfields.types.EnumChoice(label='ERRH - Error Handling', value='ERRH'), reportcreator_api.pentests.customfields.types.EnumChoice(label='CRYP - Weak Cryptography', value='CRYP'), reportcreator_api.pentests.customfields.types.EnumChoice(label='BUSL - Business Logic', value='BUSL'), reportcreator_api.pentests.customfields.types.EnumChoice(label='CLNT - Client-side Testing', value='CLNT'), reportcreator_api.pentests.customfields.types.EnumChoice(label='APIT - API Testing', value='APIT')], default=None, id='wstg_category', label='OWASP Web Security Testing Guide Category', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=True), reportcreator_api.pentests.customfields.types.EnumField(choices=[reportcreator_api.pentests.customfields.types.EnumChoice(label='Info', value='info'), reportcreator_api.pentests.customfields.types.EnumChoice(label='Low', value='low'), reportcreator_api.pentests.customfields.types.EnumChoice(label='Medium', value='medium'), reportcreator_api.pentests.customfields.types.EnumChoice(label='High', value='high'), reportcreator_api.pentests.customfields.types.EnumChoice(label='Critical', value='critical')], default=None, id='severity', label='Severity', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=True), reportcreator_api.pentests.customfields.types.MarkdownField(default=None, id='retest_notes', label='Re-test Notes', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=False), reportcreator_api.pentests.customfields.types.EnumField(choices=[reportcreator_api.pentests.customfields.types.EnumChoice(label='Open', value='open'), reportcreator_api.pentests.customfields.types.EnumChoice(label='Resolved', value='resolved'), reportcreator_api.pentests.customfields.types.EnumChoice(label='Partially Resolved', 
value='partial'), reportcreator_api.pentests.customfields.types.EnumChoice(label='Changed', value='changed'), reportcreator_api.pentests.customfields.types.EnumChoice(label='Accepted', value='accepted'), reportcreator_api.pentests.customfields.types.EnumChoice(label='New', value='new')], default=None, id='retest_status', label='Re-test Status', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=False)]))]), + ), + migrations.AlterField( + model_name='historicalprojecttype', + name='finding_ordering', + field=models.JSONField(blank=True, default=reportcreator_api.pentests.customfields.predefined_fields.finding_ordering_default, encoder=django.core.serializers.json.DjangoJSONEncoder, validators=[reportcreator_api.pentests.customfields.validators.FindingOrderingValidator()]), + ), + migrations.AlterField( + model_name='historicalprojecttype', + name='report_preview_data', + field=reportcreator_api.archive.crypto.fields.EncryptedField(base_field=models.JSONField(blank=True, default=dict, encoder=django.core.serializers.json.DjangoJSONEncoder), editable=True), + ), + migrations.AlterField( + model_name='historicalprojecttype', + name='report_sections', + field=models.JSONField(blank=True, default=reportcreator_api.pentests.customfields.predefined_fields.report_sections_default, encoder=django.core.serializers.json.DjangoJSONEncoder, validators=[reportcreator_api.pentests.customfields.validators.SectionDefinitionValidator(core_fields=reportcreator_api.pentests.customfields.types.FieldDefinition(fields=[reportcreator_api.pentests.customfields.types.StringField(default='TODO: Report Title', id='title', label='Title', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['CORE'], required=True, spellcheck=True)]), predefined_fields=reportcreator_api.pentests.customfields.types.FieldDefinition(fields=[reportcreator_api.pentests.customfields.types.BooleanField(default=False, id='is_retest', label='Is Retest', 
origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'])]))]), + ), + migrations.AlterField( + model_name='historicalprojecttype', + name='report_styles', + field=reportcreator_api.archive.crypto.fields.EncryptedField(base_field=models.TextField(blank=True, default=''), editable=True), + ), + migrations.AlterField( + model_name='historicalprojecttype', + name='report_template', + field=reportcreator_api.archive.crypto.fields.EncryptedField(base_field=models.TextField(blank=True, default=''), editable=True), + ), + migrations.AlterField( + model_name='projecttype', + name='finding_fields', + field=models.JSONField(blank=True, default=reportcreator_api.pentests.customfields.predefined_fields.finding_fields_default, encoder=django.core.serializers.json.DjangoJSONEncoder, validators=[reportcreator_api.pentests.customfields.validators.FieldDefinitionValidator(core_fields=reportcreator_api.pentests.customfields.types.FieldDefinition(fields=[reportcreator_api.pentests.customfields.types.StringField(default='TODO: Finding Title', id='title', label='Title', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['CORE'], spellcheck=True)]), predefined_fields=reportcreator_api.pentests.customfields.types.FieldDefinition(fields=[reportcreator_api.pentests.customfields.types.CvssField(default='n/a', id='cvss', label='CVSS', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED']), reportcreator_api.pentests.customfields.types.MarkdownField(default='TODO: High-level summary', id='summary', label='Summary', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=True), reportcreator_api.pentests.customfields.types.MarkdownField(default='TODO: detailed technical description what this findings is about and how it can be exploited', id='description', label='Technical Description', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=True), 
reportcreator_api.pentests.customfields.types.StringField(default=None, id='precondition', label='Precondition', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=True, spellcheck=True), reportcreator_api.pentests.customfields.types.MarkdownField(default='TODO: impact of finding', id='impact', label='Impact', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=True), reportcreator_api.pentests.customfields.types.MarkdownField(default='TODO: how to fix the vulnerability', id='recommendation', label='Recommendation', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=True), reportcreator_api.pentests.customfields.types.StringField(default='TODO: short recommendation', id='short_recommendation', label='Short Recommendation', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=True, spellcheck=True), reportcreator_api.pentests.customfields.types.ListField(id='references', items=reportcreator_api.pentests.customfields.types.StringField(default=None, label='Reference', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED']), label='References', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=False), reportcreator_api.pentests.customfields.types.ListField(id='affected_components', items=reportcreator_api.pentests.customfields.types.StringField(default='TODO: affected component', label='Component', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED']), label='Affected Components', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=True), reportcreator_api.pentests.customfields.types.EnumField(choices=[reportcreator_api.pentests.customfields.types.EnumChoice(label='A01:2021 - Broken Access Control', value='A01_2021'), reportcreator_api.pentests.customfields.types.EnumChoice(label='A02:2021 - 
Cryptographic Failures', value='A02_2021'), reportcreator_api.pentests.customfields.types.EnumChoice(label='A03:2021 - Injection', value='A03_2021'), reportcreator_api.pentests.customfields.types.EnumChoice(label='A04:2021 - Insecure Design', value='A04_2021'), reportcreator_api.pentests.customfields.types.EnumChoice(label='A05:2021 - Security Misconfiguration', value='A05_2021'), reportcreator_api.pentests.customfields.types.EnumChoice(label='A06:2021 - Vulnerable and Outdated Components', value='A06_2021'), reportcreator_api.pentests.customfields.types.EnumChoice(label='A07:2021 - Identification and Authentication Failures', value='A07_2021'), reportcreator_api.pentests.customfields.types.EnumChoice(label='A08:2021 - Software and Data Integrity Failures', value='A08_2021'), reportcreator_api.pentests.customfields.types.EnumChoice(label='A09:2021 - Security Logging and Monitoring Failures', value='A09_2021'), reportcreator_api.pentests.customfields.types.EnumChoice(label='A10:2021 - Server-Side Request Forgery (SSRF)', value='A10_2021')], default=None, id='owasp_top10_2021', label='OWASP Top 10 - 2021', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=True), reportcreator_api.pentests.customfields.types.EnumField(choices=[reportcreator_api.pentests.customfields.types.EnumChoice(label='INFO - Information Gathering', value='INFO'), reportcreator_api.pentests.customfields.types.EnumChoice(label='CONF - Configuration and Deployment Management', value='CONF'), reportcreator_api.pentests.customfields.types.EnumChoice(label='IDNT - Identity Management', value='IDNT'), reportcreator_api.pentests.customfields.types.EnumChoice(label='ATHN - Authentication', value='ATHN'), reportcreator_api.pentests.customfields.types.EnumChoice(label='ATHZ - Authorization', value='ATHZ'), reportcreator_api.pentests.customfields.types.EnumChoice(label='SESS - Session Management', value='SESS'), 
reportcreator_api.pentests.customfields.types.EnumChoice(label='INPV - Input Validation', value='INPV'), reportcreator_api.pentests.customfields.types.EnumChoice(label='ERRH - Error Handling', value='ERRH'), reportcreator_api.pentests.customfields.types.EnumChoice(label='CRYP - Weak Cryptography', value='CRYP'), reportcreator_api.pentests.customfields.types.EnumChoice(label='BUSL - Business Logic', value='BUSL'), reportcreator_api.pentests.customfields.types.EnumChoice(label='CLNT - Client-side Testing', value='CLNT'), reportcreator_api.pentests.customfields.types.EnumChoice(label='APIT - API Testing', value='APIT')], default=None, id='wstg_category', label='OWASP Web Security Testing Guide Category', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=True), reportcreator_api.pentests.customfields.types.EnumField(choices=[reportcreator_api.pentests.customfields.types.EnumChoice(label='Info', value='info'), reportcreator_api.pentests.customfields.types.EnumChoice(label='Low', value='low'), reportcreator_api.pentests.customfields.types.EnumChoice(label='Medium', value='medium'), reportcreator_api.pentests.customfields.types.EnumChoice(label='High', value='high'), reportcreator_api.pentests.customfields.types.EnumChoice(label='Critical', value='critical')], default=None, id='severity', label='Severity', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=True), reportcreator_api.pentests.customfields.types.MarkdownField(default=None, id='retest_notes', label='Re-test Notes', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=False), reportcreator_api.pentests.customfields.types.EnumField(choices=[reportcreator_api.pentests.customfields.types.EnumChoice(label='Open', value='open'), reportcreator_api.pentests.customfields.types.EnumChoice(label='Resolved', value='resolved'), reportcreator_api.pentests.customfields.types.EnumChoice(label='Partially Resolved', 
value='partial'), reportcreator_api.pentests.customfields.types.EnumChoice(label='Changed', value='changed'), reportcreator_api.pentests.customfields.types.EnumChoice(label='Accepted', value='accepted'), reportcreator_api.pentests.customfields.types.EnumChoice(label='New', value='new')], default=None, id='retest_status', label='Re-test Status', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'], required=False)]))]), + ), + migrations.AlterField( + model_name='projecttype', + name='finding_ordering', + field=models.JSONField(blank=True, default=reportcreator_api.pentests.customfields.predefined_fields.finding_ordering_default, encoder=django.core.serializers.json.DjangoJSONEncoder, validators=[reportcreator_api.pentests.customfields.validators.FindingOrderingValidator()]), + ), + migrations.AlterField( + model_name='projecttype', + name='report_preview_data', + field=reportcreator_api.archive.crypto.fields.EncryptedField(base_field=models.JSONField(blank=True, default=dict, encoder=django.core.serializers.json.DjangoJSONEncoder), editable=True), + ), + migrations.AlterField( + model_name='projecttype', + name='report_sections', + field=models.JSONField(blank=True, default=reportcreator_api.pentests.customfields.predefined_fields.report_sections_default, encoder=django.core.serializers.json.DjangoJSONEncoder, validators=[reportcreator_api.pentests.customfields.validators.SectionDefinitionValidator(core_fields=reportcreator_api.pentests.customfields.types.FieldDefinition(fields=[reportcreator_api.pentests.customfields.types.StringField(default='TODO: Report Title', id='title', label='Title', origin=reportcreator_api.pentests.customfields.types.FieldOrigin['CORE'], required=True, spellcheck=True)]), predefined_fields=reportcreator_api.pentests.customfields.types.FieldDefinition(fields=[reportcreator_api.pentests.customfields.types.BooleanField(default=False, id='is_retest', label='Is Retest', 
origin=reportcreator_api.pentests.customfields.types.FieldOrigin['PREDEFINED'])]))]), + ), + migrations.AlterField( + model_name='projecttype', + name='report_styles', + field=reportcreator_api.archive.crypto.fields.EncryptedField(base_field=models.TextField(blank=True, default=''), editable=True), + ), + migrations.AlterField( + model_name='projecttype', + name='report_template', + field=reportcreator_api.archive.crypto.fields.EncryptedField(base_field=models.TextField(blank=True, default=''), editable=True), + ), + ] diff --git a/api/src/reportcreator_api/pentests/models/project.py b/api/src/reportcreator_api/pentests/models/project.py index b8c75e46c..3baa7d1ee 100644 --- a/api/src/reportcreator_api/pentests/models/project.py +++ b/api/src/reportcreator_api/pentests/models/project.py 
@@ -78,23 +78,28 @@ class ProjectType(LockableMixin, LanguageMixin, ImportableMixin, BaseModel):
 tags = ArrayField(base_field=models.CharField(max_length=255), default=list, blank=True, db_index=True)
 # PDF Template
- report_template = EncryptedField(base_field=models.TextField(default=""))
- report_styles = EncryptedField(base_field=models.TextField(default=""))
- report_preview_data = EncryptedField(base_field=models.JSONField(encoder=DjangoJSONEncoder, default=dict))
+ report_template = EncryptedField(base_field=models.TextField(default="", blank=True))
+ report_styles = EncryptedField(base_field=models.TextField(default="", blank=True))
+ report_preview_data = EncryptedField(base_field=models.JSONField(encoder=DjangoJSONEncoder, default=dict, blank=True))
 # Field definitions
 report_sections = models.JSONField(
 encoder=DjangoJSONEncoder,
 validators=[SectionDefinitionValidator(core_fields=REPORT_FIELDS_CORE, predefined_fields=REPORT_FIELDS_PREDEFINED)],
 default=report_sections_default,
+ blank=True,
 )
 finding_fields = models.JSONField(
 encoder=DjangoJSONEncoder,
 validators=[FieldDefinitionValidator(core_fields=FINDING_FIELDS_CORE, predefined_fields=FINDING_FIELDS_PREDEFINED)],
 default=finding_fields_default,
+ blank=True,
 )
 finding_ordering = models.JSONField(
- encoder=DjangoJSONEncoder, validators=[FindingOrderingValidator()], default=finding_ordering_default,
+ encoder=DjangoJSONEncoder,
+ validators=[FindingOrderingValidator()],
+ default=finding_ordering_default,
+ blank=True,
 )
 # Notes
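Review bot: Adding `blank=True` to `report_sections` and `finding_fields` means Django's `Model.clean_fields()` skips the field entirely when the value is empty (`[]`, `{}`, `''`, `None`), so `SectionDefinitionValidator` and `FieldDefinitionValidator` never run for an empty definition. If those validators are what guarantees the core `title` field is present (their bodies are not visible in this hunk), an empty definition would now pass `full_clean()` without it. Either confirm the serializer layer rejects an empty definition independently, or record the intent next to the fields, e.g. `# blank=True: empty values bypass model validators; core-field presence is enforced in the serializer`. For `finding_ordering` an empty list looks like a legitimate value, so the change reads fine there. The `ProjectType` class body starts and continues outside this hunk.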