Merge pull request #35 from mpast/dev

Various fixes

.dockerignore

@@ -1,5 +1,6 @@
 # Ignore the logs
 app/logs/
+rabbitmq/logs/
 
 # Ignore apk directory
 app/media/apk

README.md

@@ -111,16 +111,24 @@ It checks in the database if there are URLs in the APK that are related with Mal
 
 Using Docker-compose:
 
-The provided `docker-compose.yml` file allows you to run the app locally in development. To start the container, run:
+The provided `docker-compose.yml` file allows you to run the app locally in development.
+
+To build the local image and if there are changes to the local Application Dockerfile, you can build the image with:
+
+```sh
+docker-compose build
+```
+
+Then, to start the container, run:
 
 ```sh
 docker-compose up
 ```
 
-If there are changes to the local Application Dockerfile, you can build the image with 
+Optional: run in detached mode (not see the logs)
 
 ```sh
-docker-compose build
+docker-compose up -d
 ```
 
 Once the application has launched, you can test the application by navigating to: http://localhost:8888/ to access the dashboard.
@@ -230,4 +238,6 @@ DEFECTDOJO_API_URL = env('DEFECTDOJO_API_URL', 'http://defectdojo:8080/api/v2/')
 DEFECTDOJO_API_KEY = env('DEFECTDOJO_API_KEY', '')
 ```
 
+If you like to contribute, see [Contributing](CONTRIBUTING.md)
+
 ---

app/api.py

@@ -8,7 +8,6 @@
 from rest_framework import viewsets, mixins, status
 from django.db.models import Q
 from django_filters import rest_framework as filters
-#from django_filters.rest_framework import DjangoFilterBackend
 
 class IsUserOrReadOnly(permissions.BasePermission):
     def has_object_permission(self, request, view, obj):
@@ -49,9 +48,9 @@ def perform_create(self, serializer):
     def scan(self, request, pk=None):
         if (pk != None):
             scan = Scan.objects.get(pk=pk)
-            queryset = Finding.objects.filter(scan=scan)
+            queryset = Finding.objects.filter(scan=scan).order_by('id')
         else:
-            queryset = Finding.objects.all()
+            queryset = Finding.objects.all().order_by('id')
 
         page = self.paginate_queryset(queryset)
         if page is not None:
@@ -73,10 +72,9 @@ def perform_create(self, serializer):
     def scan(self, request, pk=None):
         if (pk != None):
             scan = Scan.objects.get(pk=pk)
-            queryset = Permission.objects.filter(scan=scan)
+            queryset = Permission.objects.filter(scan=scan).order_by('id')
         else:
-            queryset = Permission.objects.all()
-        print(queryset)    
+            queryset = Permission.objects.all().order_by('id')
         page = self.paginate_queryset(queryset)
         if page is not None:
             serializer = self.get_serializer(page, many=True)

app/config/settings.py

@@ -161,7 +161,7 @@
 VIRUSTOTAL_URL = env('VIRUSTOTAL_URL', 'https://www.virustotal.com/')
 VIRUSTOTAL_FILE_URL = env('VIRUSTOTAL_FILE_URL', 'https://www.virustotal.com/gui/file/')
 VIRUSTOTAL_API_URL_V3 = env('VIRUSTOTAL_API_URL_V3', 'https://www.virustotal.com/api/v3/')
-VIRUSTOTAL_URL_V2 = env('VIRUSTOTAL_API_URL_V2', 'https://www.virustotal.com/vtapi/v2/file/')
+VIRUSTOTAL_API_URL_V2 = env('VIRUSTOTAL_API_URL_V2', 'https://www.virustotal.com/vtapi/v2/file/')
 VIRUSTOTAL_API_KEY = env('VIRUSTOTAL_API_KEY', '')
 VIRUSTOTAL_UPLOAD = env('VIRUSTOTAL_UPLOAD', False)
 

app/templates/patterns.html

@@ -22,7 +22,7 @@
     <table id="patterns" class="table table-striped table-bordered">
         <thead>
             <tr>
-                <th style="width: 2%;"><input id="id_select_all" name="select_all" type="checkbox" /></th>
+                <th style="width: 3%;"><input id="id_select_all" name="select_all" type="checkbox" /></th>
                 <th style="width: 6%;">ID</th>
                 <th style="width: 10%;">Pattern</th>
                 <th style="width: 30%;">Description</th>

app/views.py

@@ -131,21 +131,21 @@ def get_components_intents(scan_id):
 @login_required
 def scan(request, id):
     scan = Scan.objects.get(pk=id)
-    certificates = Certificate.objects.filter(scan=id)
-    permissions = Permission.objects.filter(scan=id)
-    activities = Activity.objects.filter(scan=id)
+    certificates = Certificate.objects.filter(scan=id).order_by('id')
+    permissions = Permission.objects.filter(scan=id).order_by('id')
+    activities = Activity.objects.filter(scan=id).order_by('id')
     components_intents = get_components_intents(id)
     strings = String.objects.filter(scan=id).order_by('type')
     findings = Finding.objects.filter(scan=id).exclude(severity=Severity.NO).order_by('id')
     findings_by_category = order_findings_by_categories(findings)
     database = DatabaseInfo.objects.filter(scan=scan)
     files = File.objects.filter(scan=scan)
     findings_by_severity = get_findings_by_severity(id)
-    best_practices = Finding.objects.filter(scan=id, severity=Severity.NO)
-    all_practices = Pattern.objects.filter(default_severity=Severity.NO)
+    best_practices = Finding.objects.filter(scan=id, severity=Severity.NO).order_by('id')
+    all_practices = Pattern.objects.filter(default_severity=Severity.NO).order_by('id')
     try:
         antivirus_scan = VirusTotalScan.objects.filter(scan=scan).latest('created_on')
-        antivirus = Antivirus.objects.filter(virus_scan=antivirus_scan)
+        antivirus = Antivirus.objects.filter(virus_scan=antivirus_scan).order_by('id')
     except Exception:
         antivirus_scan = False
         antivirus = False
@@ -154,7 +154,7 @@ def scan(request, id):
         'permissions': permissions,
         'findings': findings,
         'certificates': certificates,
-        'categories': Pattern.objects.all(),
+        'categories': Pattern.objects.all().order_by('id'),
         'findings_ordered': findings_by_category,
         'findings_by_severity': findings_by_severity,
         'all_practices': all_practices,