feat(disclaimers): Split disclaimers

dojo/db_migrations/0219_system_settings_disclaimer_notif.py

@@ -0,0 +1,38 @@
+# Generated by Django 5.0.8 on 2024-09-12 18:22
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dojo', '0218_system_settings_enforce_verified_status_and_more'),
+    ]
+
+    operations = [
+        migrations.RenameField(
+            model_name='system_settings',
+            old_name='disclaimer',
+            new_name='disclaimer_notifications',
+        ),
+        migrations.AlterField(
+            model_name='system_settings',
+            name='disclaimer_notifications',
+            field=models.TextField(blank=True, default='', help_text='Include this custom disclaimer on all notifications', max_length=3000, verbose_name='Custom Disclaimer for Notifications'),
+        ),
+        migrations.AddField(
+            model_name='system_settings',
+            name='disclaimer_reports',
+            field=models.TextField(blank=True, default='', help_text='Include this custom disclaimer on generated reports', max_length=5000, verbose_name='Custom Disclaimer for Reports'),
+        ),
+        migrations.AddField(
+            model_name='system_settings',
+            name='disclaimer_notes',
+            field=models.TextField(blank=True, default='', help_text='Include this custom disclaimer next to input form for notes', max_length=3000, verbose_name='Custom Disclaimer for Notes'),
+        ),
+        migrations.AddField(
+            model_name='system_settings',
+            name='disclaimer_reports_forced',
+            field=models.BooleanField(default=False, help_text="Disclaimer will be added to all reports even if user didn't selected 'Include disclaimer'.", verbose_name='Force to add disclaimer reports'),
+        ),
+    ]

dojo/db_migrations/0220_system_settings_disclaimer_notif.py

@@ -0,0 +1,21 @@
+# Generated by Django 5.0.8 on 2024-09-12 18:22
+
+from django.db import migrations
+
+
+def copy_notif_field(apps, schema_editor):
+    system_settings_model = apps.get_model('dojo', 'System_Settings').objects.get()
+    if system_settings_model.disclaimer_notifications:
+        system_settings_model.disclaimer_reports = system_settings_model.disclaimer_notifications
+        system_settings_model.save()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dojo', '0219_system_settings_disclaimer_notif'),
+    ]
+
+    operations = [
+        migrations.RunPython(copy_notif_field),
+    ]

dojo/fixtures/defect_dojo_sample_data.json

@@ -7119,7 +7119,7 @@
         "enable_finding_sla": true,
         "allow_anonymous_survey_repsonse": false,
         "credentials": "",
-        "disclaimer": "",
+        "disclaimer_notifications": "",
         "risk_acceptance_form_default_days": 180,
         "risk_acceptance_notify_before_expiration": 10,
         "enable_credentials": true,

dojo/forms.py

@@ -860,6 +860,8 @@ def __init__(self, *args, **kwargs):
             self.fields["expiration_date"].initial = expiration_date
         # self.fields['path'].help_text = 'Existing proof uploaded: %s' % self.instance.filename() if self.instance.filename() else 'None'
         self.fields["accepted_findings"].queryset = get_authorized_findings(Permissions.Risk_Acceptance)
+        if disclaimer := get_system_setting("disclaimer_notes"):
+            self.disclaimer = disclaimer.strip()
 
 
 class BaseManageFileFormSet(forms.BaseModelFormSet):
@@ -1569,6 +1571,8 @@ def __init__(self, *args, **kwargs):
         self.fields["severity"].required = False
         # we need to defer initialization to prevent multiple initializations if other forms are shown
         self.fields["tags"].widget.tag_options = tagulous.models.options.TagOptions(autocomplete_settings={"width": "200px", "defer": True})
+        if disclaimer := get_system_setting("disclaimer_notes"):
+            self.disclaimer = disclaimer.strip()
 
     def clean(self):
         cleaned_data = super().clean()
@@ -1712,6 +1716,11 @@ class Meta:
         model = Notes
         fields = ["entry", "private"]
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        if disclaimer := get_system_setting("disclaimer_notes"):
+            self.disclaimer = disclaimer.strip()
+
 
 class TypedNoteForm(NoteForm):
 
@@ -1763,6 +1772,8 @@ def __init__(self, *args, **kwargs):
             self.fields["mitigated_by"].queryset = get_authorized_users(Permissions.Test_Edit)
             self.fields["mitigated"].initial = self.instance.mitigated
             self.fields["mitigated_by"].initial = self.instance.mitigated_by
+        if disclaimer := get_system_setting("disclaimer_notes"):
+            self.disclaimer = disclaimer.strip()
 
     def _post_clean(self):
         super()._post_clean()
@@ -1815,6 +1826,11 @@ class Meta:
         model = Notes
         fields = ["entry"]
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        if disclaimer := get_system_setting("disclaimer_notes"):
+            self.disclaimer = disclaimer.strip()
+
 
 class ClearFindingReviewForm(forms.ModelForm):
     entry = forms.CharField(
@@ -1829,6 +1845,11 @@ class Meta:
         model = Finding
         fields = ["active", "verified", "false_p", "out_of_scope", "duplicate", "is_mitigated"]
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        if disclaimer := get_system_setting("disclaimer_notes"):
+            self.disclaimer = disclaimer.strip()
+
 
 class ReviewFindingForm(forms.Form):
     reviewers = forms.MultipleChoiceField(
@@ -1866,6 +1887,8 @@ def __init__(self, *args, **kwargs):
         self.reviewer_queryset = users
         # Set the users in the form
         self.fields["reviewers"].choices = self._get_choices(self.reviewer_queryset)
+        if disclaimer := get_system_setting("disclaimer_notes"):
+            self.disclaimer = disclaimer.strip()
 
     @staticmethod
     def _get_choices(queryset):
@@ -2305,6 +2328,13 @@ class ReportOptionsForm(forms.Form):
     include_disclaimer = forms.ChoiceField(choices=yes_no, label="Disclaimer")
     report_type = forms.ChoiceField(choices=(("HTML", "HTML"),))
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        if get_system_setting("disclaimer_reports_forced"):
+            self.fields["include_disclaimer"].disabled = True
+            self.fields["include_disclaimer"].initial = "1"  # represents yes
+            self.fields["include_disclaimer"].help_text = "Administrator of the system enforced placement of disclaimer in all reports. You are not able exclude disclaimer from this report."
+
 
 class CustomReportOptionsForm(forms.Form):
     yes_no = (("0", "No"), ("1", "Yes"))
@@ -2740,6 +2770,11 @@ class Meta:
         model = Engagement_Presets
         exclude = ["product"]
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        if disclaimer := get_system_setting("disclaimer_notes"):
+            self.disclaimer = disclaimer.strip()
+
 
 class DeleteEngagementPresetsForm(forms.ModelForm):
     id = forms.IntegerField(required=True,

dojo/models.py

@@ -490,9 +490,20 @@ class System_Settings(models.Model):
         help_text=_("Enable anyone with a link to the survey to answer a survey"),
     )
     credentials = models.TextField(max_length=3000, blank=True)
-    disclaimer = models.TextField(max_length=3000, default="", blank=True,
-                                  verbose_name=_("Custom Disclaimer"),
-                                  help_text=_("Include this custom disclaimer on all notifications and generated reports"))
+    disclaimer_notifications = models.TextField(max_length=3000, default="", blank=True,
+                                  verbose_name=_("Custom Disclaimer for Notifications"),
+                                  help_text=_("Include this custom disclaimer on all notifications"))
+    disclaimer_reports = models.TextField(max_length=5000, default="", blank=True,
+                                  verbose_name=_("Custom Disclaimer for Reports"),
+                                  help_text=_("Include this custom disclaimer on generated reports"))
+    disclaimer_reports_forced = models.BooleanField(
+        default=False,
+        blank=False,
+        verbose_name=_("Force to add disclaimer reports"),
+        help_text=_("Disclaimer will be added to all reports even if user didn't selected 'Include disclaimer'."))
+    disclaimer_notes = models.TextField(max_length=3000, default="", blank=True,
+                                  verbose_name=_("Custom Disclaimer for Notes"),
+                                  help_text=_("Include this custom disclaimer next to input form for notes"))
     risk_acceptance_form_default_days = models.IntegerField(null=True, blank=True, default=180, help_text=_("Default expiry period for risk acceptance form."))
     risk_acceptance_notify_before_expiration = models.IntegerField(null=True, blank=True, default=10,
                     verbose_name=_("Risk acceptance expiration heads up days"), help_text=_("Notify X days before risk acceptance expires. Leave empty to disable."))

dojo/reports/views.py

@@ -132,6 +132,10 @@ def _set_state(self, request: HttpRequest):
         self.host = report_url_resolver(request)
         self.selected_widgets = self.get_selected_widgets(request)
         self.widgets = list(self.selected_widgets.values())
+        self.include_disclaimer = get_system_setting("disclaimer_reports_forced", 0)
+        self.disclaimer = get_system_setting("disclaimer_reports")
+        if self.include_disclaimer and len(self.disclaimer) == 0:
+            self.disclaimer = "Please configure in System Settings."
 
     def get_selected_widgets(self, request):
         selected_widgets = report_widget_factory(json_data=request.POST["json"], request=request, host=self.host,
@@ -164,7 +168,10 @@ def get_context(self):
             "host": self.host,
             "finding_notes": self.finding_notes,
             "finding_images": self.finding_images,
-            "user_id": self.request.user.id}
+            "user_id": self.request.user.id,
+            "include_disclaimer": self.include_disclaimer,
+            "disclaimer": self.disclaimer,
+        }
 
 
 def report_findings(request):
@@ -285,8 +292,8 @@ def product_endpoint_report(request, pid):
     include_finding_images = int(request.GET.get("include_finding_images", 0))
     include_executive_summary = int(request.GET.get("include_executive_summary", 0))
     include_table_of_contents = int(request.GET.get("include_table_of_contents", 0))
-    include_disclaimer = int(request.GET.get("include_disclaimer", 0))
-    disclaimer = get_system_setting("disclaimer")
+    include_disclaimer = int(request.GET.get("include_disclaimer", 0)) or (get_system_setting("disclaimer_reports_forced", 0))
+    disclaimer = get_system_setting("disclaimer_reports")
     if include_disclaimer and len(disclaimer) == 0:
         disclaimer = "Please configure in System Settings."
     generate = "_generate" in request.GET
@@ -363,8 +370,8 @@ def generate_report(request, obj, host_view=False):
     include_finding_images = int(request.GET.get("include_finding_images", 0))
     include_executive_summary = int(request.GET.get("include_executive_summary", 0))
     include_table_of_contents = int(request.GET.get("include_table_of_contents", 0))
-    include_disclaimer = int(request.GET.get("include_disclaimer", 0))
-    disclaimer = get_system_setting("disclaimer")
+    include_disclaimer = int(request.GET.get("include_disclaimer", 0)) or (get_system_setting("disclaimer_reports_forced", 0))
+    disclaimer = get_system_setting("disclaimer_reports")
 
     if include_disclaimer and len(disclaimer) == 0:
         disclaimer = "Please configure in System Settings."

dojo/templates/dojo/custom_html_report.html

@@ -3,6 +3,12 @@
 {% block content %}
     {{ block.super }}
     <div class="container" id="html_report">
+        {% if include_disclaimer %}
+            <div style="background-color:#DADCE2; border:1px #003333; padding:.8em; ">
+                <span style="font-size:16pt;  font-family: 'Cambria','times new roman','garamond',serif; color:#ff0000;">Disclaimer</span><br/>
+                <p style="font-size:11pt; line-height:10pt; font-family: 'Cambria','times roman',serif;">{{ disclaimer | safe }}</p>
+            </div>
+		{% endif %}
         {% for widget in widgets %}
             {{ widget.get_html }}
         {% endfor %}

dojo/templates/dojo/endpoint_pdf_report.html

@@ -81,7 +81,7 @@ <h5>
         {% if include_disclaimer%}
             <div style="background-color:#DADCE2; border:1px #003333; padding:.8em; ">
                 <span style="font-size:16pt;  font-family: 'Cambria','times new roman','garamond',serif; color:#ff0000;">Disclaimer</span><br/>
-                <p style="font-size:11pt; line-height:10pt; font-family: 'Cambria','times roman',serif;">{{ disclaimer }}</p>
+                <p style="font-size:11pt; line-height:10pt; font-family: 'Cambria','times roman',serif;">{{ disclaimer | safe }}</p>
             </div>
 		{% endif %}
         <div class="row">

dojo/templates/dojo/engagement_pdf_report.html

@@ -158,7 +158,7 @@ <h5>
         {% if include_disclaimer%}
             <div style="background-color:#DADCE2; border:1px #003333; padding:.8em; ">
                 <span style="font-size:16pt;  font-family: 'Cambria','times new roman','garamond',serif; color:#ff0000;">Disclaimer</span><br/>
-                <p style="font-size:11pt; line-height:10pt; font-family: 'Cambria','times roman',serif;">{{ disclaimer }}</p>
+                <p style="font-size:11pt; line-height:10pt; font-family: 'Cambria','times roman',serif;">{{ disclaimer | safe }}</p>
             </div>
 		{% endif %}
         <div class="row">

dojo/templates/dojo/finding_pdf_report.html

@@ -57,7 +57,7 @@ <h5>
         {% if include_disclaimer%}
             <div style="background-color:#DADCE2; border:1px #003333; padding:.8em; ">
                 <span style="font-size:16pt;  font-family: 'Cambria','times new roman','garamond',serif; color:#ff0000;">Disclaimer</span><br/>
-                <p style="font-size:11pt; line-height:10pt; font-family: 'Cambria','times roman',serif;">{{ disclaimer }}</p>
+                <p style="font-size:11pt; line-height:10pt; font-family: 'Cambria','times roman',serif;">{{ disclaimer | safe }}</p>
             </div>
 		{% endif %}
         <div class="row">

dojo/templates/dojo/findings_list_snippet.html

@@ -253,6 +253,12 @@ <h3 class="has-filters">
                                             {{ bulk_edit_form.media.js }}
                                         {% endcomment %}
                                         {{ bulk_edit_form.tags }}
+                                        {% if bulk_edit_form.disclaimer %}
+                                            <div style="background-color:#DADCE2; border:1px #003333; padding:.3em; margin:.1em; ">
+                                                <div style="color:#ff0000;">Disclaimer</div>
+                                                <div>{{ bulk_edit_form.disclaimer }}</div>
+                                            </div>
+                                        {% endif %}
                                         <input type="submit" class="btn btn-sm btn-primary" value="Submit"/>
                                     </form>
                             </li>

dojo/templates/dojo/form_fields.html

@@ -80,4 +80,11 @@
             </div>
         {% endif %}
     </div>
-{% endfor %}
+{% endfor %}
+
+{% if form.disclaimer %}
+    <div class="form-group" style="background-color:#DADCE2; border:1px #003333; padding:.8em; margin:.8em; ">
+        <div class="col-sm-2" style="color:#ff0000;">Disclaimer</div>
+        <div class="col-sm-10">{{ form.disclaimer }}</div>
+    </div>
+{% endif %}

dojo/templates/dojo/product_endpoint_pdf_report.html

@@ -119,7 +119,7 @@ <h5>Finding Age</h5>
         {% if include_disclaimer%}
             <div style="background-color:#DADCE2; border:1px #003333; padding:.8em; ">
                 <span style="font-size:16pt;  font-family: 'Cambria','times new roman','garamond',serif; color:#ff0000;">Disclaimer</span><br/>
-                <p style="font-size:11pt; line-height:10pt; font-family: 'Cambria','times roman',serif;">{{ disclaimer }}</p>
+                <p style="font-size:11pt; line-height:10pt; font-family: 'Cambria','times roman',serif;">{{ disclaimer | safe }}</p>
             </div>
         {% endif %}
         <div class="row">

dojo/templates/dojo/product_pdf_report.html

@@ -142,7 +142,7 @@ <h5>Finding Age</h5>
         {% if include_disclaimer%}
             <div style="background-color:#DADCE2; border:1px #003333; padding:.8em; ">
                 <span style="font-size:16pt;  font-family: 'Cambria','times new roman','garamond',serif; color:#ff0000;">Disclaimer</span><br/>
-                <p style="font-size:11pt; line-height:10pt; font-family: 'Cambria','times roman',serif;">{{ disclaimer }}</p>
+                <p style="font-size:11pt; line-height:10pt; font-family: 'Cambria','times roman',serif;">{{ disclaimer | safe }}</p>
             </div>
 		{% endif %}
         <div class="row">

dojo/templates/dojo/product_type_pdf_report.html

@@ -114,7 +114,7 @@ <h4>
         {% if include_disclaimer%}
             <div style="background-color:#DADCE2; border:1px #003333; padding:.8em; ">
                 <span style="font-size:16pt;  font-family: 'Cambria','times new roman','garamond',serif; color:#ff0000;">Disclaimer</span><br/>
-                <p style="font-size:11pt; line-height:10pt; font-family: 'Cambria','times roman',serif;">{{ disclaimer }}</p>
+                <p style="font-size:11pt; line-height:10pt; font-family: 'Cambria','times roman',serif;">{{ disclaimer | safe }}</p>
             </div>
 		{% endif %}
         <div class="row">

dojo/templates/dojo/test_pdf_report.html

@@ -146,7 +146,7 @@ <h5>
         {% if include_disclaimer%}
             <div style="background-color:#DADCE2; border:1px #003333; padding:.8em; ">
                 <span style="font-size:16pt;  font-family: 'Cambria','times new roman','garamond',serif; color:#ff0000;">Disclaimer</span><br/>
-                <p style="font-size:11pt; line-height:10pt; font-family: 'Cambria','times roman',serif;">{{ disclaimer }}</p>
+                <p style="font-size:11pt; line-height:10pt; font-family: 'Cambria','times roman',serif;">{{ disclaimer | safe }}</p>
             </div>
 		{% endif %}
         <div class="row">

dojo/templates/dojo/view_test.html

@@ -848,6 +848,12 @@ <h4 class="has-filters">
                                 {{ bulk_edit_form.media.css }}
                                 {{ bulk_edit_form.media.js }}
                                 {{ bulk_edit_form.tags }}
+                                {% if bulk_edit_form.disclaimer %}
+                                    <div style="background-color:#DADCE2; border:1px #003333; padding:.3em; margin:.1em; ">
+                                        <div style="color:#ff0000;">Disclaimer</div>
+                                        <div>{{ bulk_edit_form.disclaimer }}</div>
+                                    </div>
+                                {% endif %}
                                 <input type="submit"
                                     class="btn btn-sm btn-secondary"
                                     value="Submit"

dojo/templates/notifications/alert/review_requested.tpl

@@ -14,7 +14,7 @@
 
 {% trans "Full details of the finding can be reviewed at" %} {{ url|full_url }}
 
-{% if system_settings.disclaimer and system_settings.disclaimer.strip %}    
+{% if system_settings.disclaimer_notifications and system_settings.disclaimer_notifications.strip %}    
     {% trans "Disclaimer:" %}
-    {{ system_settings.disclaimer }}
+    {{ system_settings.disclaimer_notifications }}
 {% endif %}