Skip to content

Commit

Permalink
fix metrics to also calculate risk acceptance and duplicate findings. (
Browse files Browse the repository at this point in the history 
…#9013)
  • Loading branch information
@lme-nca
lme-nca authored Nov 17, 2023
1 parent 07415c3 commit 893dfeb
Showing 1 changed file with 64 additions and 6 deletions.
70 changes: 64 additions & 6 deletions dojo/utils.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2395,17 +2395,57 @@ def sum_by_severity_level(metrics):


def get_open_findings_burndown(product):
findings = Finding.objects.filter(test__engagement__product=product)
findings = Finding.objects.filter(test__engagement__product=product, duplicate=False)
f_list = list(findings)

curr_date = datetime.combine(datetime.now(), datetime.min.time())
start_date = curr_date - timedelta(days=90)

critical_count = len(list(findings.filter(date__lt=start_date).filter(severity='Critical')))
high_count = len(list(findings.filter(date__lt=start_date).filter(severity='High')))
medium_count = len(list(findings.filter(date__lt=start_date).filter(severity='Medium')))
low_count = len(list(findings.filter(date__lt=start_date).filter(severity='Low')))
info_count = len(list(findings.filter(date__lt=start_date).filter(severity='Info')))
critical_count = 0
high_count = 0
medium_count = 0
low_count = 0
info_count = 0

# count all findings older than 90 days that are still active OR will be mitigated/risk-accepted in the next 90 days
for f in list(findings.filter(date__lt=start_date)):
if f.active:
if f.severity == 'Critical':
critical_count += 1
if f.severity == 'High':
high_count += 1
if f.severity == 'Medium':
medium_count += 1
if f.severity == 'Low':
low_count += 1
if f.severity == 'Info':
info_count += 1
elif f.is_mitigated:
f_mitigated_date = f.mitigated.timestamp()
if f_mitigated_date >= start_date.timestamp():
if f.severity == 'Critical':
critical_count += 1
if f.severity == 'High':
high_count += 1
if f.severity == 'Medium':
medium_count += 1
if f.severity == 'Low':
low_count += 1
if f.severity == 'Info':
info_count += 1
elif f.risk_accepted:
f_risk_accepted_date = f.risk_acceptance.created.timestamp()
if f_risk_accepted_date >= start_date.timestamp():
if f.severity == 'Critical':
critical_count += 1
if f.severity == 'High':
high_count += 1
if f.severity == 'Medium':
medium_count += 1
if f.severity == 'Low':
low_count += 1
if f.severity == 'Info':
info_count += 1

running_min, running_max = float('inf'), float('-inf')
past_90_days = {
Expand All @@ -2416,13 +2456,15 @@ def get_open_findings_burndown(product):
'Info': []
}

# count the number of open findings for the 90-day window
for i in range(90, -1, -1):
start = (curr_date - timedelta(days=i))

d_start = start.timestamp()
d_end = (start + timedelta(days=1)).timestamp()

for f in f_list:
# If a finding was opened on this day we add it to the counter of that day
f_open_date = datetime.combine(f.date, datetime.min.time()).timestamp()
if f_open_date >= d_start and f_open_date < d_end:
if f.severity == 'Critical':
Expand All @@ -2436,6 +2478,7 @@ def get_open_findings_burndown(product):
if f.severity == 'Info':
info_count += 1

# If a finding was mitigated on this day we subtract it
if f.is_mitigated:
f_mitigated_date = f.mitigated.timestamp()
if f_mitigated_date >= d_start and f_mitigated_date < d_end:
Expand All @@ -2450,6 +2493,21 @@ def get_open_findings_burndown(product):
if f.severity == 'Info':
info_count -= 1

# If a finding was risk accepted on this day we subtract it
elif f.risk_accepted:
f_risk_accepted_date = f.risk_acceptance.created.timestamp()
if f_risk_accepted_date >= d_start and f_risk_accepted_date < d_end:
if f.severity == 'Critical':
critical_count -= 1
if f.severity == 'High':
high_count -= 1
if f.severity == 'Medium':
medium_count -= 1
if f.severity == 'Low':
low_count -= 1
if f.severity == 'Info':
info_count -= 1

f_day = [critical_count, high_count, medium_count, low_count, info_count]
if min(f_day) < running_min:
running_min = min(f_day)
Expand Down

0 comments on commit 893dfeb

Please sign in to comment.