Added is_template=False to finding filters to better capture true met…

…rics and reports. Added the api url to the exempt list, otherwise api calls would get redirected to loging page.
DefectDojo · Jun 16, 2015 · 6e70cec · 6e70cec
1 parent d21db12
commit 6e70cec
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 427 deletions.
diff --git a/dojo/models.py b/dojo/models.py
@@ -52,7 +52,8 @@ class Product_Type(models.Model):
 
     def findings_count(self):
         findings = Finding.objects.filter(active=True, mitigated__isnull=True,
-                                          false_p=False, verified=True)
+                                          false_p=False, verified=True,
+                                          is_template=False)
         findings = findings.filter(Q(severity="Critical") |
                                    Q(severity="High") |
                                    Q(severity="Medium") |

diff --git a/dojo/settings.dist.py b/dojo/settings.dist.py
@@ -153,6 +153,7 @@
     r'^metrics$',
     r'^metrics/product/type/(?P<mtype>\d+)$',
     r'^metrics/simple$',
+    r'^api/v1/',
 )
 
 # Python dotted path to the WSGI application used by Django's runserver.

diff --git a/dojo/templates/dojo/api_key.html b/dojo/templates/dojo/api_key.html
@@ -29,10 +29,10 @@ <h2> {{ name }}</h2>
     <pre>
 import requests
 
-url = 'https://10.23.245.200:8000/api/v1/users'
+url = '{% if request.is_secure %}https{% else %}http{% endif %}://{{ request.META.HTTP_HOST }}/api/v1/users'
 headers = {'content-type': 'application/json',
 		   'Authorization': 'ApiKey {{ user.username }}:{{ key.key }}'}
-r = requests.get(url, headers=headers, verify=False) # don't verify ssl cert since it is self-signed
+r = requests.get(url, headers=headers, verify=True) # set verify to False if ssl cert is self-signed
 
 for key, value in r.__dict__.iteritems():
   print key