DefectDojo · valentijnscholten · Jun 8, 2026
@@ -0,0 +1 @@
+import dojo.benchmark.admin  # noqa: F401
@@ -0,0 +1,15 @@
+from django.contrib import admin
+
+from dojo.benchmark.models import (
+    Benchmark_Category,
+    Benchmark_Product,
+    Benchmark_Product_Summary,
+    Benchmark_Requirement,
+    Benchmark_Type,
+)
+
+admin.site.register(Benchmark_Type)
+admin.site.register(Benchmark_Requirement)
+admin.site.register(Benchmark_Category)
+admin.site.register(Benchmark_Product)
+admin.site.register(Benchmark_Product_Summary)
@@ -0,0 +1,100 @@
+from django.db import models
+from django.utils.translation import gettext as _
+
+
+class Benchmark_Type(models.Model):
+    name = models.CharField(max_length=300)
+    version = models.CharField(max_length=15)
+    source = (("PCI", "PCI"),
+              ("OWASP ASVS", "OWASP ASVS"),
+              ("OWASP Mobile ASVS", "OWASP Mobile ASVS"))
+    benchmark_source = models.CharField(max_length=20, blank=False,
+                                        null=True, choices=source,
+                                        default="OWASP ASVS")
+    created = models.DateTimeField(auto_now_add=True, null=False)
+    updated = models.DateTimeField(auto_now=True)
+    enabled = models.BooleanField(default=True)
+
+    def __str__(self):
+        return self.name + " " + self.version
+
+
+class Benchmark_Category(models.Model):
+    type = models.ForeignKey("dojo.Benchmark_Type", verbose_name=_("Benchmark Type"), on_delete=models.CASCADE)
+    name = models.CharField(max_length=300)
+    objective = models.TextField()
+    references = models.TextField(blank=True, null=True)
+    enabled = models.BooleanField(default=True)
+    created = models.DateTimeField(auto_now_add=True, null=False)
+    updated = models.DateTimeField(auto_now=True)
+
+    class Meta:
+        ordering = ("name",)
+
+    def __str__(self):
+        return self.name + ": " + self.type.name
+
+
+class Benchmark_Requirement(models.Model):
+    category = models.ForeignKey("dojo.Benchmark_Category", on_delete=models.CASCADE)
+    objective_number = models.CharField(max_length=15, null=True, blank=True)
+    objective = models.TextField()
+    references = models.TextField(blank=True, null=True)
+    level_1 = models.BooleanField(default=False)
+    level_2 = models.BooleanField(default=False)
+    level_3 = models.BooleanField(default=False)
+    enabled = models.BooleanField(default=True)
+    cwe_mapping = models.ManyToManyField("dojo.CWE", blank=True)
+    testing_guide = models.ManyToManyField("dojo.Testing_Guide", blank=True)
+    created = models.DateTimeField(auto_now_add=True, null=False)
+    updated = models.DateTimeField(auto_now=True)
+
+    def __str__(self):
+        return str(self.objective_number) + ": " + self.category.name
+
+
+class Benchmark_Product(models.Model):
+    product = models.ForeignKey("dojo.Product", on_delete=models.CASCADE)
+    control = models.ForeignKey("dojo.Benchmark_Requirement", on_delete=models.CASCADE)
+    pass_fail = models.BooleanField(default=False, verbose_name=_("Pass"),
+                                    help_text=_("Does the product meet the requirement?"))
+    enabled = models.BooleanField(default=True,
+                                  help_text=_("Applicable for this specific product."))
+    notes = models.ManyToManyField("dojo.Notes", blank=True, editable=False)
+    created = models.DateTimeField(auto_now_add=True, null=False)
+    updated = models.DateTimeField(auto_now=True)
+
+    class Meta:
+        unique_together = [("product", "control")]
+
+    def __str__(self):
+        return self.product.name + ": " + self.control.objective_number + ": " + self.control.category.name
+
+
+class Benchmark_Product_Summary(models.Model):
+    product = models.ForeignKey("dojo.Product", on_delete=models.CASCADE)
+    benchmark_type = models.ForeignKey("dojo.Benchmark_Type", on_delete=models.CASCADE)
+    asvs_level = (("Level 1", "Level 1"),
+                    ("Level 2", "Level 2"),
+                    ("Level 3", "Level 3"))
+    desired_level = models.CharField(max_length=15,
+                                     null=False, choices=asvs_level,
+                                     default="Level 1")
+    current_level = models.CharField(max_length=15, blank=True,
+                                     null=True, choices=asvs_level,
+                                     default="None")
+    asvs_level_1_benchmark = models.IntegerField(null=False, default=0, help_text=_("Total number of active benchmarks for this application."))
+    asvs_level_1_score = models.IntegerField(null=False, default=0, help_text=_("ASVS Level 1 Score"))
+    asvs_level_2_benchmark = models.IntegerField(null=False, default=0, help_text=_("Total number of active benchmarks for this application."))
+    asvs_level_2_score = models.IntegerField(null=False, default=0, help_text=_("ASVS Level 2 Score"))
+    asvs_level_3_benchmark = models.IntegerField(null=False, default=0, help_text=_("Total number of active benchmarks for this application."))
+    asvs_level_3_score = models.IntegerField(null=False, default=0, help_text=_("ASVS Level 3 Score"))
+    publish = models.BooleanField(default=False, help_text=_("Publish score to Product."))
+    created = models.DateTimeField(auto_now_add=True, null=False)
+    updated = models.DateTimeField(auto_now=True)
+
+    class Meta:
+        unique_together = [("product", "benchmark_type")]
+
+    def __str__(self):
+        return self.product.name + ": " + self.benchmark_type.name
@@ -3,7 +3,7 @@
 from django.db.models.signals import pre_delete
 from django.dispatch import receiver
 
-from dojo.models import Benchmark_Product
+from dojo.benchmark.models import Benchmark_Product
 from dojo.notes.helper import delete_related_notes
 
 logger = logging.getLogger(__name__)

@@ -0,0 +1,37 @@
+from django import forms
+
+from dojo.benchmark.models import (
+    Benchmark_Product,
+    Benchmark_Product_Summary,
+    Benchmark_Requirement,
+)
+
+
+class Benchmark_Product_SummaryForm(forms.ModelForm):
+
+    class Meta:
+        model = Benchmark_Product_Summary
+        exclude = ["product", "current_level", "benchmark_type", "asvs_level_1_benchmark", "asvs_level_1_score", "asvs_level_2_benchmark", "asvs_level_2_score", "asvs_level_3_benchmark", "asvs_level_3_score"]
+
+
+class DeleteBenchmarkForm(forms.ModelForm):
+    id = forms.IntegerField(required=True,
+                            widget=forms.widgets.HiddenInput())
+
+    class Meta:
+        model = Benchmark_Product_Summary
+        fields = ["id"]
+
+
+class BenchmarkForm(forms.ModelForm):
+
+    class Meta:
+        model = Benchmark_Product
+        exclude = ["product", "control"]
+
+
+class Benchmark_RequirementForm(forms.ModelForm):
+
+    class Meta:
+        model = Benchmark_Requirement
+        exclude = [""]
@@ -1,6 +1,6 @@
 from django.urls import re_path
 
-from . import views
+from dojo.benchmark.ui import views
 
 urlpatterns = [
     re_path(

@@ -8,15 +8,15 @@
 from django.urls import reverse
 from django.utils.translation import gettext as _
 
-from dojo.forms import Benchmark_Product_SummaryForm, DeleteBenchmarkForm
-from dojo.models import (
+from dojo.benchmark.models import (
     Benchmark_Category,
     Benchmark_Product,
     Benchmark_Product_Summary,
     Benchmark_Requirement,
     Benchmark_Type,
-    Product,
 )
+from dojo.benchmark.ui.forms import Benchmark_Product_SummaryForm, DeleteBenchmarkForm
+from dojo.models import Product
 from dojo.templatetags.display_tags import asvs_level
 from dojo.utils import (
     Product_Tab,

@@ -1,19 +1,16 @@
 import collections
 import decimal
 import logging
-import warnings
 from datetime import datetime, timedelta
 
 import six
 import tagulous
 from django.apps import apps
 from django.conf import settings
-from django.contrib.contenttypes.models import ContentType
 from django.db.models import Count, Q
 from django.utils.timezone import now, tzinfo
 from django.utils.translation import gettext_lazy as _
 from django_filters import (
-    BooleanFilter,
     CharFilter,
     DateFilter,
     FilterSet,
@@ -25,7 +22,6 @@
 )
 from django_filters import rest_framework as filters
 from django_filters.filters import ChoiceFilter
-from polymorphic.base import ManagerInheritanceWarning
 
 # from tagulous.forms import TagWidget
 # import tagulous
@@ -46,21 +42,17 @@
 from dojo.models import (
     SEVERITY_CHOICES,
     App_Analysis,
-    ChoiceQuestion,
     Development_Environment,
     DojoMeta,
     Endpoint,
     Endpoint_Status,
     Engagement,
-    Engagement_Survey,
     Finding,
     Note_Type,
     Product,
     Product_Type,
-    Question,
     Risk_Acceptance,
     Test,
-    TextQuestion,
     Vulnerability_Id,
 )
 from dojo.product_type.queries import get_authorized_product_types
@@ -1413,64 +1405,8 @@ class Meta:
         exclude = []
         include = ("name", "is_single", "description")
 
-# ==============================
-# Defect Dojo Engaegment Surveys
-# ==============================
-
-
-class QuestionnaireFilter(FilterSet):
-    name = CharFilter(lookup_expr="icontains")
-    description = CharFilter(lookup_expr="icontains")
-    active = BooleanFilter()
-
-    class Meta:
-        model = Engagement_Survey
-        exclude = ["questions"]
-
-    survey_set = FilterSet
-
-
-class QuestionTypeFilter(ChoiceFilter):
-    def any(self, qs, name):
-        return qs.all()
-
-    def text_question(self, qs, name):
-        return qs.filter(polymorphic_ctype=ContentType.objects.get_for_model(TextQuestion))
-
-    def choice_question(self, qs, name):
-        return qs.filter(polymorphic_ctype=ContentType.objects.get_for_model(ChoiceQuestion))
-
-    options = {
-        None: (_("Any"), any),
-        1: (_("Text Question"), text_question),
-        2: (_("Choice Question"), choice_question),
-    }
-
-    def __init__(self, *args, **kwargs):
-        kwargs["choices"] = [
-            (key, value[0]) for key, value in six.iteritems(self.options)]
-        super().__init__(*args, **kwargs)
-
-    def filter(self, qs, value):
-        try:
-            value = int(value)
-        except (ValueError, TypeError):
-            value = None
-        return self.options[value][1](self, qs, self.options[value][0])
-
-
 # ApiUserFilter lives in dojo/user/api/filters.py — import from there directly.
-
-with warnings.catch_warnings(action="ignore", category=ManagerInheritanceWarning):
-    class QuestionFilter(FilterSet):
-        text = CharFilter(lookup_expr="icontains")
-        type = QuestionTypeFilter()
-
-        class Meta:
-            model = Question
-            exclude = ["polymorphic_ctype", "created", "modified", "order"]
-
-        question_set = FilterSet
+# QuestionnaireFilter, QuestionTypeFilter, QuestionFilter live in dojo/survey/ui/filters.py
 
 
 from dojo.auditlog.filters import LogEntryFilter, PgHistoryFilter  # noqa: E402, F401 -- backward compat