From 3862fc1b8fc3dd05918e06ce0a432fc6c5573c16 Mon Sep 17 00:00:00 2001 From: Felipe Cecagno Date: Wed, 3 Jul 2024 01:17:43 -0300 Subject: [PATCH] feat: install django-allow-cidr in order to allow hosts based on subnet --- dojo/settings/.settings.dist.py.sha256sum | 2 +- dojo/settings/settings.dist.py | 8 ++++++++ dojo/settings/template-env | 3 +++ requirements.txt | 1 + 4 files changed, 13 insertions(+), 1 deletion(-) diff --git a/dojo/settings/.settings.dist.py.sha256sum b/dojo/settings/.settings.dist.py.sha256sum index 4885a819303..aecaad287aa 100644 --- a/dojo/settings/.settings.dist.py.sha256sum +++ b/dojo/settings/.settings.dist.py.sha256sum @@ -1 +1 @@ -7b3bb14160f3ffce537d75895ee18cb0a561232fa964bae88b4861f7d289b176 +6fae39546f8acdd7a9d987df65fc6d2d5424b863031fc8a02ca02a92cf9709a6 diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py index e207309417c..d5449ef5998 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings.dist.py @@ -301,6 +301,8 @@ DD_QUALYS_LEGACY_SEVERITY_PARSING=(bool, True), # Use System notification settings to override user's notification settings DD_NOTIFICATIONS_SYSTEM_LEVEL_TRUMP=(list, ["user_mentioned", "review_requested"]), + # Set addr cidr for allowed hosts, example: 10.144.0.0/16 + DD_ALLOWED_CIDR_NETS=(list, []), ) @@ -888,6 +890,12 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param vars().update(EMAIL_CONFIG) +# Possible to set ALLOWED_CIDR_NETS +# https://pypi.org/project/django-allow-cidr/ +if env('DD_ALLOWED_CIDR_NETS') != ['[]']: + MIDDLEWARE.append('allow_cidr.middleware.AllowCIDRMiddleware') + ALLOWED_CIDR_NETS = env('DD_ALLOWED_CIDR_NETS') + # ------------------------------------------------------------------------------ # SAML # ------------------------------------------------------------------------------ diff --git a/dojo/settings/template-env b/dojo/settings/template-env index ca068a10dc9..6488292c2d3 100644 --- a/dojo/settings/template-env 
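Review bot: The comment added above `DD_ALLOWED_CIDR_NETS` in the `@@ -301` hunk gives one example value but says neither what format the value takes nor what the setting loosens. The same applies to the `# cidr addresses that are valid for this site;` line added to template-env. Since the cast is `list`, I would spell both out, for example `# Comma-separated CIDR networks whose IP addresses are accepted as Host header values in addition to DD_ALLOWED_HOSTS, e.g. 10.144.0.0/16; leave empty to disable`. A range that is too broad widens Host header acceptance for the whole site, so the comment should also tell operators to use the narrowest subnet that covers their need. The call these keyword arguments belong to starts outside the hunk.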
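Review bot: The guard `if env('DD_ALLOWED_CIDR_NETS') != ['[]']:` in the `@@ -888` hunk compares against a list holding the string `'[]'`, but the declared default is the empty list `[]`, so with the variable unset the test is true and `AllowCIDRMiddleware` is appended with an empty `ALLOWED_CIDR_NETS`. Whether that is harmless depends on how the middleware treats an empty list, which is not visible here. Filtering first and testing truthiness makes the intent explicit: `ALLOWED_CIDR_NETS = [n for n in env('DD_ALLOWED_CIDR_NETS') if n.strip() not in ('', '[]')]` followed by `if ALLOWED_CIDR_NETS:`. As far as I recall, the package documentation asks for this middleware to be first in `MIDDLEWARE` because it takes over Host validation, whereas `.append` puts it last, so earlier middleware sees the Host header before it is checked; please confirm and use `MIDDLEWARE.insert(0, ...)` if so. Parsing each entry with `ipaddress.ip_network` at settings load would also surface a malformed network at startup with a clear message.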
+++ b/dojo/settings/template-env @@ -16,6 +16,9 @@ DD_DATABASE_URL=#DD_DATABASE_URL# # Hosts/domain names that are valid for this site; DD_ALLOWED_HOSTS=#DD_ALLOWED_HOSTS# +# cidr addresses that are valid for this site; +DD_ALLOWED_CIDR_NETS=#DD_ALLOWED_CIDR_NETS# + # WhiteNoise allows your web app to serve its own static files, # making it a self-contained unit that can be deployed anywhere without relying on nginx, # if using nginx then disable Whitenoise diff --git a/requirements.txt b/requirements.txt index 15799fbde86..0e1790afce2 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,6 +6,7 @@ celery==5.4.0 coverage==7.5.4 defusedxml==0.7.1 django_celery_results==2.5.1 +django-allow-cidr==0.7.1 django-auditlog==2.3.0 django-dbbackup==4.1.0 django-environ==0.11.2