Updates to metrics/views.py, api_v2/serailizers.py, utils.py, and HTML templates to deprecate the s0,s1,s2,s3,s4 naming convention

Update api_v2/views.py to have API reuse existing metrics view
Fix duplicate PK in dojo/fixtures/unit_limit_reqresp.json

Author: jamiesonio

dojo/api_v2/serializers.py

@@ -3112,10 +3112,13 @@ class SimpleMetricsSerializer(serializers.Serializer):
     product_type_id = serializers.IntegerField(read_only=True)
     product_type_name = serializers.CharField(read_only=True)
     Total = serializers.IntegerField(read_only=True)
-    S0 = serializers.IntegerField(read_only=True)  # Critical
-    S1 = serializers.IntegerField(read_only=True)  # High
-    S2 = serializers.IntegerField(read_only=True)  # Medium
-    S3 = serializers.IntegerField(read_only=True)  # Low
-    S4 = serializers.IntegerField(read_only=True)  # Info
+    
+    # Severity labels
+    critical = serializers.IntegerField(read_only=True)
+    high = serializers.IntegerField(read_only=True)
+    medium = serializers.IntegerField(read_only=True)
+    low = serializers.IntegerField(read_only=True)
+    info = serializers.IntegerField(read_only=True)
+    
     Opened = serializers.IntegerField(read_only=True)
     Closed = serializers.IntegerField(read_only=True)

dojo/api_v2/views.py

@@ -3175,22 +3175,19 @@ def get_queryset(self):
         return Answered_Survey.objects.all().order_by("id")
 
 
-# Authorization: object-based (consistent with UI)
+# Authorization: authenticated
 class SimpleMetricsViewSet(
     viewsets.ReadOnlyModelViewSet,
 ):
 
     """
     Simple metrics API endpoint that provides finding counts by product type
     broken down by severity and month status.
-
-    This endpoint replicates the logic from the UI's /metrics/simple endpoint
-    and uses the same authorization model for consistency.
     """
 
     serializer_class = serializers.SimpleMetricsSerializer
-    queryset = Product_Type.objects.none()  # Required for consistent auth behavior
-    permission_classes = (IsAuthenticated,)  # Match pattern used by RoleViewSet
+    queryset = Product_Type.objects.none()
+    permission_classes = (IsAuthenticated,)
     pagination_class = None
 
     @extend_schema(
@@ -3215,19 +3212,16 @@ class SimpleMetricsViewSet(
     def list(self, request):
         """
         Retrieve simple metrics data for the requested month grouped by product type.
-
-        This endpoint replicates the logic from the UI's /metrics/simple endpoint
-        and uses the same authorization model for consistency.
-
-        Performance optimized with database aggregation instead of Python loops.
         """
-        # Parse the date parameter, default to current month (same as UI)
+        from dojo.metrics.views import get_simple_metrics_data
+        
+        # Parse the date parameter, default to current month
         now = timezone.now()
         date_param = request.query_params.get("date")
         product_type_id = request.query_params.get("product_type_id")
 
         if date_param:
-            # Enhanced input validation while maintaining consistency with UI behavior
+            # Input validation
             if len(date_param) > 20:
                 return Response(
                     {"error": "Invalid date parameter length."},
@@ -3246,7 +3240,7 @@ def list(self, request):
                 # Parse date string with validation
                 parsed_date = datetime.strptime(date_param, "%Y-%m-%d")
 
-                # Reasonable date range validation
+                # Date range validation
                 min_date = datetime(2000, 1, 1)
                 max_date = datetime.now() + relativedelta(years=1)
 
@@ -3265,83 +3259,36 @@ def list(self, request):
                     status=status.HTTP_400_BAD_REQUEST,
                 )
 
-        # Get authorized product types (same as UI implementation)
-        product_types = get_authorized_product_types(Permissions.Product_Type_View)
-
-        # Optional filtering by specific product type
+        # Optional filtering by specific product type with validation
+        parsed_product_type_id = None
         if product_type_id:
             try:
-                product_type_id = int(product_type_id)
-                product_types = product_types.filter(id=product_type_id)
-                if not product_types.exists():
-                    return Response(
-                        {"error": "Product type not found or access denied."},
-                        status=status.HTTP_404_NOT_FOUND,
-                    )
+                parsed_product_type_id = int(product_type_id)
             except ValueError:
                 return Response(
                     {"error": "Invalid product_type_id format."},
                     status=status.HTTP_400_BAD_REQUEST,
                 )
 
-        # Build base filter conditions (same logic as UI)
-        base_filter = Q(
-            false_p=False,
-            duplicate=False,
-            out_of_scope=False,
-            date__month=now.month,
-            date__year=now.year,
-        )
-
-        # Apply verification status filtering if enabled (same as UI)
-        if (get_system_setting("enforce_verified_status", True) or
-                get_system_setting("enforce_verified_status_metrics", True)):
-            base_filter &= Q(verified=True)
-
-        # Optimize with single aggregated query per product type
-        metrics_data = []
-
-        for pt in product_types:
-            # Single aggregated query replacing the Python loop
-            metrics = Finding.objects.filter(
-                test__engagement__product__prod_type=pt,
-            ).filter(base_filter).aggregate(
-                # Total count
-                total=Count("id"),
-
-                # Count by severity using conditional aggregation
-                critical=Count("id", filter=Q(severity="Critical")),
-                high=Count("id", filter=Q(severity="High")),
-                medium=Count("id", filter=Q(severity="Medium")),
-                low=Count("id", filter=Q(severity="Low")),
-                info=Count("id", filter=~Q(severity__in=["Critical", "High", "Medium", "Low"])),
-
-                # Count opened in current month
-                opened=Count("id", filter=Q(date__year=now.year, date__month=now.month)),
-
-                # Count closed in current month
-                closed=Count("id", filter=Q(
-                    mitigated__isnull=False,
-                    mitigated__year=now.year,
-                    mitigated__month=now.month,
-                )),
+        # Get metrics data
+        try:
+            metrics_data = get_simple_metrics_data(
+                now, 
+                parsed_product_type_id
+            )
+        except Exception as e:
+            logger.error(f"Error retrieving metrics: {e}")
+            return Response(
+                {"error": "Unable to retrieve metrics data."},
+                status=status.HTTP_500_INTERNAL_SERVER_ERROR,
             )
 
-            # Build the findings summary (same structure as UI)
-            findings_broken_out = {
-                "product_type_id": pt.id,
-                "product_type_name": pt.name,  # Always show real name like UI
-                "Total": metrics["total"] or 0,
-                "S0": metrics["critical"] or 0,  # Critical
-                "S1": metrics["high"] or 0,      # High
-                "S2": metrics["medium"] or 0,    # Medium
-                "S3": metrics["low"] or 0,       # Low
-                "S4": metrics["info"] or 0,      # Info
-                "Opened": metrics["opened"] or 0,
-                "Closed": metrics["closed"] or 0,
-            }
-
-            metrics_data.append(findings_broken_out)
+        # Check if product type was requested but not found
+        if parsed_product_type_id and not metrics_data:
+            return Response(
+                {"error": "Product type not found or access denied."},
+                status=status.HTTP_404_NOT_FOUND,
+            )
 
         serializer = self.serializer_class(metrics_data, many=True)
         return Response(serializer.data)

dojo/fixtures/unit_limit_reqresp.json

@@ -165,52 +165,6 @@
       "hash_code": "c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0",
       "last_reviewed": null
     }
-  },{
-    "pk": 8,
-    "model": "dojo.finding",
-    "fields": {
-      "last_reviewed_by": null,
-      "reviewers": [],
-      "static_finding": false,
-      "date": "2017-12-31",
-      "references": "",
-      "files": [],
-      "payload": null,
-      "under_defect_review": false,
-      "impact": "High",
-      "false_p": false,
-      "verified": false,
-      "severity": "High",
-      "title": "DUMMY FINDING WITH REQRESP",
-      "param": null,
-      "created": "2017-12-01T00:00:00Z",
-      "duplicate": false,
-      "mitigation": "MITIGATION",
-      "found_by": [
-        1
-      ],
-      "numerical_severity": "S0",
-      "test": 5,
-      "out_of_scope": false,
-      "cwe": 1,
-      "file_path": "",
-      "duplicate_finding": null,
-      "description": "TEST finding",
-      "mitigated_by": null,
-      "reporter": 2,
-      "mitigated": null,
-      "active": false,
-      "line": 100,
-      "under_review": false,
-      "defect_review_requested_by": 2,
-      "review_requested_by": 2,
-      "thread_id": 1,
-      "url": "http://www.example.com",
-      "notes": [],
-      "dynamic_finding": false,
-      "hash_code": "c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0",
-      "last_reviewed": null
-    }
   },{
     "pk": 123,
     "model": "dojo.burprawrequestresponse",