local_settings.template.py

# This is an example settings file for vulnman


# Enable debug mode. DONT USE IN PRODUCTION ENVIRONMENT!
# DEBUG = True

# Allowed Hosts
# set this to the hostnames of allowed to be used in the Host HTTP header
# ALLOWED_HOSTS = ["vulnman.example.com"]

# Required Setting:
# CSRF_TRUSTED_ORIGINS = ['http://localhost','http://127.0.0.1']


# Custom CSS File
# CUSTOM_CSS_FILE = '/static/css/mystyle.css

# #################
# Database Settings
# #################
# uncomment the postgres section, if you are using the docker image
#
# Postgres Example:
#
# DATABASES = {
#  'default': {
#    'ENGINE': 'django.db.backends.postgresql',
#    'HOST': 'db',
#    'NAME': 'vulnman',
#    'USER': 'vulnman_db_user',
#    'PASSWORD': 'dontusethispassword',
#  }
# }


# #########
# Reporting
# #########

# Report Templates
# REPORT_TEMPLATES = {
#    "default": apps.reporting.default_template
# }


# Add information about your company that is displayed in the report
# REPORT_COMPANY_INFORMATION = {
#     "name": "Vulnman",
#     "street": "No Street 54",
#     "zip": "123456",
#     "city": "MyCity",
#     "homepage": "https://vulnman.github.io/vulnman",
#     "email": "contact@example.com",
#     "country": "World"
# }


# ########
# Security
# For further harding checks see https://docs.djangoproject.com/en/3.2/howto/deployment/checklist/
# Note: the SECRET_KEY value is uniquely auto generated by default for vulnman installations
# ########

# Set this to True to avoid transmitting the CSRF cookie over HTTP accidentally.
# Default: True
# CSRF_COOKIE_SECURE = True

# Set this to True to avoid transmitting the session cookie over HTTP accidentally.
# Default: True
# SESSION_COOKIE_SECURE = True

# Enforce TOTP on all pages. ATTENTION: TOTP implementation is work in progress. Don't rely on it for now in production!
# TOTP_ENFORCE_2FA = False

##############
# LDAP
# You need to install `django-auth-ldap` to use LDAP authentication
# See https://django-auth-ldap.readthedocs.io/en/latest/install.html for library usage
##############

# import ldap
# from django_auth_ldap.config import LDAPSearch, PosixGroupType

# AUTH_LDAP_BIND_DN = "cn=admin,dc=example,dc=org"
# AUTH_LDAP_BIND_PASSWORD = "admin"
# AUTH_LDAP_USER_SEARCH = LDAPSearch(
#    "ou=Users,dc=example,dc=org", ldap.SCOPE_SUBTREE, "(uid=%(user)s)"
# )
# LOGGING = {
#    "version": 1,
#    "disable_existing_loggers": False,
#    "handlers": {"console": {"class": "logging.StreamHandler"}},
#    "loggers": {"django_auth_ldap": {"level": "DEBUG", "handlers": ["console"]}},
# }
# AUTH_LDAP_FIND_GROUP_PERMS = True
# AUTH_LDAP_CACHE_TIMEOUT = 3600
# AUTH_LDAP_SERVER_URI = "ldap://172.17.0.2"

# AUTH_LDAP_GROUP_TYPE = PosixGroupType(name_attr='cn')
# AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
#    'ou=Groups,dc=example,dc=org',
#    ldap.SCOPE_SUBTREE,
#    '(objectClass=posixGroup)',
# )

# AUTH_LDAP_USER_ATTR_MAP = {
#    "first_name": "givenName", "last_name": "sn",
#    "email": "mail"
#}

#######
# Mail
#######
# EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
# EMAIL_HOST = "smtp.example.com"
# EMAIL_PORT = 587
# EMAIL_USE_TLS = True
# EMAIL_HOST_USER = 'jdoe'
# EMAIL_HOST_PASSWORD = 'changme'
# DEFAULT_FROM_EMAIL = "jdoe@example.com"


#####################################
# Responsible Disclosure Application
#####################################

# RESPONSIBLE_DISCLOSURE_MAIL_FROM = DEFAULT_FROM_EMAIL

# RESPONSIBLE_DISCLOSURE_VULNERABILITY_ID_PREFIX = "vulnman-"

# Amount of days for the planned publication of the vulnerability details
# RESPONSIBLE_DISCLOSURE_PLANNED_PUBLICATION_INTERVAL = 60

# Templates that just provide advisory templates and not a report template
# RESPONSIBLE_DISCLOSURE_ADVISORY_TEMPLATES = REPORT_TEMPLATES

# Additional Django packages/apps
# ADDITIONAL_PACKAGES = []