Report Malicious IPs (#2867)

* core functionality for reporting ips done * valid ip and non duplicate check added * reverting poetry.lock * Resolved merge conflicts in poetry.lock * Fix formatting issues with ruff * removed set-ouput which was deprecated * automatic handling of outdated poetry.lock * minor link updates * poetry.lock reversed * ruff fix * revert blog formatttings * removed atomic to resolve the error * to check the test urls case * resolving merge conflict * removing redundant lines in poetry.lock * pre commit fixes * ruff formats * run test resolution * ruff formats * attempt to resolve the merge migration conflicts * left * uncommented contributor stats * build fix * ruff fix * views fixes * ruff fixes * removed class-views * setup file * minor changes * resolving header file * header file reverse * fix djlint --------- Co-authored-by: DonnieBLT <[email protected]>
OWASP-BLT · Nov 13, 2024 · f8ed8b0 · f8ed8b0
1 parent 1acbf2c
commit f8ed8b0
Show file tree

Hide file tree

Showing 16 changed files with 691 additions and 8 deletions.
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
@@ -43,12 +43,12 @@ jobs:
 
       - name: Get Poetry cache directory
         id: poetry-cache
-        run: echo "::set-output name=dir::$(poetry config cache-dir)"
+        run: echo "POETRY_CACHE_DIR=$(poetry config cache-dir)" >> $GITHUB_ENV
 
       - name: Cache Poetry dependencies
         uses: actions/cache@v3
         with:
-          path: ${{ steps.poetry-cache.outputs.dir }}
+          path: ${{ env.POETRY_CACHE_DIR }}
           key: ${{ runner.os }}-poetry-${{ hashFiles('**/poetry.lock') }}
           restore-keys: |
             ${{ runner.os }}-poetry-

diff --git a/.gitignore b/.gitignore
@@ -17,4 +17,4 @@ chromedriver
 requirements.txt
 *.code-workspace
 *.log
-*.exe
+*.exe
diff --git a/blt/urls.py b/blt/urls.py
@@ -106,6 +106,8 @@
     ListHunts,
     OngoingHunts,
     PreviousHunts,
+    ReportedIpListView,
+    ReportIpView,
     ScoreboardView,
     TimeLogListAPIView,
     TimeLogListView,
@@ -521,6 +523,8 @@
     re_path(r"^api/v1/contributors/$", contributors, name="api_contributor"),
     path("project/<slug:slug>/", ProjectDetailView.as_view(), name="project_view"),
     path("projects/<slug:slug>/badge/", ProjectBadgeView.as_view(), name="project-badge"),
+    re_path(r"^report-ip/$", ReportIpView.as_view(), name="report_ip"),
+    re_path(r"^reported-ips/$", ReportedIpListView.as_view(), name="reported_ips_list"),
     re_path(
         r"^api/v1/createissues/$",
         csrf_exempt(IssueCreate.as_view()),

diff --git a/setup.sh b/setup.sh
@@ -124,4 +124,3 @@ main() {
 }
 
 main
-
diff --git a/website/forms.py b/website/forms.py
@@ -2,7 +2,7 @@
 from django import forms
 from mdeditor.fields import MDTextFormField
 
-from .models import Bid, Monitor, UserProfile
+from .models import Bid, IpReport, Monitor, UserProfile
 
 
 class UserProfileForm(forms.ModelForm):
@@ -84,6 +84,12 @@ class Meta:
         fields = ["url", "keyword"]
 
 
+class IpReportForm(forms.ModelForm):
+    class Meta:
+        model = IpReport
+        fields = ["ip_address", "ip_type", "description", "activity_title", "activity_type"]
+
+
 class BidForm(forms.ModelForm):
     class Meta:
         model = Bid

diff --git a/website/migrations/0144_ipreport.py b/website/migrations/0144_ipreport.py
@@ -0,0 +1,57 @@
+# Generated by Django 5.1.3 on 2024-11-10 06:57
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("website", "0143_contributorstats_last_updated_and_more"),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="IpReport",
+            fields=[
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("activity_title", models.CharField(max_length=255)),
+                (
+                    "activity_type",
+                    models.CharField(
+                        choices=[("malicious", "Malicious"), ("friendly", "Friendly")],
+                        max_length=50,
+                    ),
+                ),
+                ("ip_address", models.GenericIPAddressField()),
+                (
+                    "ip_type",
+                    models.CharField(choices=[("ipv4", "IPv4"), ("ipv6", "IPv6")], max_length=10),
+                ),
+                ("description", models.TextField()),
+                ("created", models.DateTimeField(auto_now_add=True)),
+                (
+                    "reporter_ip_address",
+                    models.GenericIPAddressField(blank=True, null=True),
+                ),
+                (
+                    "user",
+                    models.ForeignKey(
+                        blank=True,
+                        null=True,
+                        on_delete=django.db.models.deletion.CASCADE,
+                        to=settings.AUTH_USER_MODEL,
+                    ),
+                ),
+            ],
+        ),
+    ]
diff --git a/website/migrations/0150_merge_20241110_0720.py b/website/migrations/0150_merge_20241110_0720.py
@@ -0,0 +1,12 @@
+# Generated by Django 5.1.3 on 2024-11-10 07:20
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("website", "0144_ipreport"),
+        ("website", "0149_project_closed_issues_project_created_at_and_more"),
+    ]
+
+    operations = []
diff --git a/website/migrations/0151_contributorstats.py b/website/migrations/0151_contributorstats.py
@@ -0,0 +1,34 @@
+# Generated by Django 5.1.3 on 2024-11-10 19:08
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("website", "0150_merge_20241110_0720"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="ContributorStats",
+            fields=[
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("username", models.CharField(max_length=255, unique=True)),
+                ("commits", models.IntegerField(default=0)),
+                ("issues_opened", models.IntegerField(default=0)),
+                ("issues_closed", models.IntegerField(default=0)),
+                ("prs", models.IntegerField(default=0)),
+                ("comments", models.IntegerField(default=0)),
+                ("assigned_issues", models.IntegerField(default=0)),
+                ("created", models.DateTimeField(auto_now_add=True)),
+            ],
+        ),
+    ]
diff --git a/website/migrations/0152_merge_20241111_0616.py b/website/migrations/0152_merge_20241111_0616.py
@@ -0,0 +1,12 @@
+# Generated by Django 5.1.3 on 2024-11-11 06:16
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("website", "0151_contributorstats"),
+        ("website", "0151_remove_project_latest_release"),
+    ]
+
+    operations = []
diff --git a/website/migrations/0153_delete_contributorstats.py b/website/migrations/0153_delete_contributorstats.py
@@ -0,0 +1,15 @@
+# Generated by Django 5.1.3 on 2024-11-11 06:16
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("website", "0152_merge_20241111_0616"),
+    ]
+
+    operations = [
+        migrations.DeleteModel(
+            name="ContributorStats",
+        ),
+    ]
diff --git a/website/models.py b/website/models.py
@@ -900,3 +900,26 @@ class DailyStatusReport(models.Model):
 
     def __str__(self):
         return f"Daily Status Report by {self.user.username} on {self.date}"
+
+
+class IpReport(models.Model):
+    IP_TYPE_CHOICES = [
+        ("ipv4", "IPv4"),
+        ("ipv6", "IPv6"),
+    ]
+    ACTIVITY_TYPE_CHOICES = [
+        ("malicious", "Malicious"),
+        ("friendly", "Friendly"),
+    ]
+
+    user = models.ForeignKey(User, null=True, blank=True, on_delete=models.CASCADE)
+    activity_title = models.CharField(max_length=255)
+    activity_type = models.CharField(max_length=50, choices=ACTIVITY_TYPE_CHOICES)
+    ip_address = models.GenericIPAddressField()
+    ip_type = models.CharField(max_length=10, choices=IP_TYPE_CHOICES)
+    description = models.TextField()
+    created = models.DateTimeField(auto_now_add=True)
+    reporter_ip_address = models.GenericIPAddressField(null=True, blank=True)
+
+    def __str__(self):
+        return f"{self.ip_address} ({self.ip_type}) - {self.activity_title}"
diff --git a/website/processed_files.txt b/website/processed_files.txt
diff --git a/website/templates/includes/sidenav.html b/website/templates/includes/sidenav.html
@@ -91,6 +91,15 @@
                             <span>Bug Bounties</span>
                         </a>
                     </li>
+                    <li class="mb-2 {% if request.path == '/reported-ips/' %}bg-gray-200{% endif %}">
+                        <a href="{% url 'reported_ips_list' %}"
+                           class="flex items-center w-full text-black no-underline p-2">
+                            <div class="icon text-red-500">
+                                <i class="fas fa-exclamation-triangle fa-lg"></i>
+                            </div>
+                            <span>Reported IPs</span>
+                        </a>
+                    </li>
                     <li class="mb-2 {% if request.path == '/trademarks/' %}bg-gray-200{% endif %}">
                         <a href="{% url 'trademark_search' %}"
                            class="flex items-center w-full text-black no-underline p-2">