Added BLT Tomato (#2386) (#2410)

blt/urls.py

@@ -71,6 +71,7 @@
     UserDeleteView,
     UserProfileDetailsView,
     UserProfileDetailView,
+    blt_tomato,
     change_bid_status,
     chatbot_conversation,
     contributors_view,
@@ -534,6 +535,7 @@
         name="today-contributor-stats",
     ),
     path("api/chatbot/conversation/", chatbot_conversation, name="chatbot_conversation"),
+    path("blt-tomato/", blt_tomato, name="blt-tomato"),
 ]
 
 if settings.DEBUG:

contributors.json

@@ -466,5 +466,18 @@
         "linkedin": "https://www.linkedin.com/in/shirsh-jain-5a5b751b9/",
         "website": "https://github.com/haniljain",
         "bch_addr": "serendipity"
+    },
+    {
+        "id": 38,
+        "img": "https://avatars.githubusercontent.com/u/93156825?v=4",
+        "name": "Nikhil Raj",
+        "repository": "BLT | BLT-Core",
+        "short_description": "Engineer.",
+        "long_description": "I am a dedicated computer science student specializing in AI and ML, with a rich background in backend development, technical writing, and open-source contributions.",
+        "location": "Kolkata, India",
+        "twitter": "https://twitter.com/humans_write",
+        "linkedin": "https://www.linkedin.com/in/nikhil25803/",
+        "website": "https://github.com/nikhil25803",
+        "bch_addr": ""
     }
 ]

website/fixtures/blt_tomato_project_link.json

@@ -0,0 +1,122 @@
+[
+  {
+    "project_name": "O-Saft",
+    "repo_url": "https://github.com/OWASP/O-Saft",
+    "funding_url": "https://raw.githubusercontent.com/OWASP/O-Saft/master/.github/FUNDING.yml",
+    "funding_details": "https://owasp.org/donate/?reponame=www-project-o-saft&title=OWASP+O-Saft, OWASP"
+  },
+  {
+    "project_name": "OWASP-VWAD",
+    "repo_url": "https://github.com/OWASP/OWASP-VWAD",
+    "funding_url": "https://raw.githubusercontent.com/OWASP/OWASP-VWAD/master/.github/FUNDING.yml",
+    "funding_details": "https://owasp.org/donate/?reponame=www-project-vulnerable-web-applications-directory&title=OWASP+Vulnerable+Web+Applications+Directory"
+  },
+  {
+    "project_name": "ASVS",
+    "repo_url": "https://github.com/OWASP/ASVS",
+    "funding_url": "https://raw.githubusercontent.com/OWASP/ASVS/master/.github/FUNDING.yml",
+    "funding_details": "https://owasp.org/donate/?reponame=www-project-application-security-verification-standard&title=OWASP+Application+Security+Verification+Standard, OWASP"
+  },
+  {
+    "project_name": "ZSC",
+    "repo_url": "https://github.com/OWASP/ZSC",
+    "funding_url": "https://raw.githubusercontent.com/OWASP/ZSC/master/.github/FUNDING.yml",
+    "funding_details": "zdresearch"
+  },
+  {
+    "project_name": "Top10",
+    "repo_url": "https://github.com/OWASP/Top10",
+    "funding_url": "https://raw.githubusercontent.com/OWASP/Top10/master/.github/FUNDING.yml",
+    "funding_details": "https://owasp.org/donate/?reponame=www-project-top-ten&title=OWASP+Top+Ten, OWASP"
+  },
+  {
+    "project_name": "MAS",
+    "repo_url": "https://github.com/OWASP/owasp-masvs",
+    "funding_url": "https://raw.githubusercontent.com/OWASP/owasp-masvs/master/.github/FUNDING.yml",
+    "funding_details": "https://www.icrc.org/en/donate/ukraine"
+  },
+  {
+    "project_name": "owasp-mastg",
+    "repo_url": "https://github.com/OWASP/owasp-mastg",
+    "funding_url": "https://raw.githubusercontent.com/OWASP/owasp-mastg/master/.github/FUNDING.yml",
+    "funding_details": "https://www.icrc.org/en/donate/ukraine"
+  },
+  {
+    "project_name": "Nettacker",
+    "repo_url": "https://github.com/OWASP/Nettacker",
+    "funding_url": "https://raw.githubusercontent.com/OWASP/Nettacker/master/.github/FUNDING.yml",
+    "funding_details": "https://owasp.org/donate/?reponame=www-project-nettacker&title=OWASP+Nettacker"
+  },
+  {
+    "project_name": "wstg",
+    "repo_url": "https://github.com/OWASP/wstg",
+    "funding_url": "https://raw.githubusercontent.com/OWASP/wstg/master/.github/FUNDING.yml",
+    "funding_details": "https://owasp.org/donate/?reponame=www-project-web-security-testing-guide&title=OWASP+Web+Security+Testing+Guide, OWASP"
+  },
+  {
+    "project_name": "Python-Honeypot",
+    "repo_url": "https://github.com/OWASP/Python-Honeypot",
+    "funding_url": "https://raw.githubusercontent.com/OWASP/Python-Honeypot/master/.github/FUNDING.yml",
+    "funding_details": "zdresearch"
+  },
+  {
+    "project_name": "API-Security",
+    "repo_url": "https://github.com/OWASP/API-Security",
+    "funding_url": "https://raw.githubusercontent.com/OWASP/API-Security/master/.github/FUNDING.yml",
+    "funding_details": "OWASP, https://owasp.org/donate/?reponame=www-project-api-security&title=OWASP+API+Security+Project"
+  },
+  {
+    "project_name": "Intelligent-Intrusion-Detection-System",
+    "repo_url": "https://github.com/OWASP/Intelligent-Intrusion-Detection-System",
+    "funding_url": "https://raw.githubusercontent.com/OWASP/Intelligent-Intrusion-Detection-System/master/.github/FUNDING.yml",
+    "funding_details": "hardlyhuman, gsriharsha, https://www.paypal.me/SRIHARSHAGAJAVALLI"
+  },
+  {
+    "project_name": "owasp.github.io",
+    "repo_url": "https://github.com/OWASP/owasp.github.io",
+    "funding_url": "https://raw.githubusercontent.com/OWASP/owasp.github.io/master/.github/FUNDING.yml",
+    "funding_details": "https://owasp.org/donate/"
+  },
+  {
+    "project_name": "Wrongsecrets",
+    "repo_url": "https://github.com/OWASP/wrongsecrets",
+    "funding_url": "https://raw.githubusercontent.com/OWASP/wrongsecrets/master/.github/FUNDING.yml",
+    "funding_details": "https://owasp.org/donate/?reponame=www-project-wrongsecrets&title=OWASP+wrongsecrets, https://www.icrc.org/en/donate/ukraine, OWASP"
+  },
+  {
+    "project_name": "wrongsecrets-binaries",
+    "repo_url": "https://github.com/OWASP/wrongsecrets-binaries",
+    "funding_url": "https://raw.githubusercontent.com/OWASP/wrongsecrets-binaries/master/.github/FUNDING.yml",
+    "funding_details": "https://owasp.org/donate/?reponame=www-project-wrongsecrets&title=OWASP+wrongsecrets"
+  },
+  {
+    "project_name": "wrongsecrets-ctf-party",
+    "repo_url": "https://github.com/OWASP/wrongsecrets-ctf-party",
+    "funding_url": "https://raw.githubusercontent.com/OWASP/wrongsecrets-ctf-party/master/.github/FUNDING.yml",
+    "funding_details": "https://owasp.org/donate/?reponame=www-project-wrongsecrets&title=OWASP+wrongsecrets, https://www.icrc.org/en/donate/ukraine, OWASP"
+  },
+  {
+    "project_name": "secure-coding-practices-quick-reference-guide",
+    "repo_url": "https://github.com/OWASP/secure-coding-practices-quick-reference-guide",
+    "funding_url": "https://raw.githubusercontent.com/OWASP/secure-coding-practices-quick-reference-guide/master/.github/FUNDING.yml",
+    "funding_details": "https://owasp.org/donate/?reponame=www-project-secure-coding-practices-quick-reference-guide&title=OWASP+Secure+Coding+Practices+Quick+Reference+Guide, OWASP"
+  },
+  {
+    "project_name": "BLT",
+    "repo_url": "https://github.com/OWASP-BLT/BLT",
+    "funding_url": "https://raw.githubusercontent.com/OWASP-BLT/BLT/master/.github/FUNDING.yml",
+    "funding_details": "https://owasp.org/donate?reponame=www-project-bug-logging-tool&title=OWASP+Bug+logging+tool"
+  },
+  {
+    "project_name": "Juice Shop",
+    "repo_url": "https://github.com/juice-shop/juice-shop",
+    "funding_url": "https://raw.githubusercontent.com/juice-shop/juice-shop/master/.github/FUNDING.yml",
+    "funding_details": "https://sponsor.owasp-juice.shop, OWASP"
+  },
+  {
+    "project_name": "ModSecurity Core Rule Set",
+    "repo_url": "https://github.com/coreruleset/coreruleset",
+    "funding_url": "https://raw.githubusercontent.com/coreruleset/coreruleset/master/.github/FUNDING.yml",
+    "funding_details": "https://coreruleset.org/donate"
+  }
+]

website/templates/blt_tomato.html

@@ -0,0 +1,51 @@
+{% extends "base.html" %}
+{% load static %}
+{% block content %}
+    {% include "includes/sidenav.html" %}
+    <div class="min-h-screen flex flex-col mx-4 mt-5">
+        <h2 class="text-4xl font-semibold my-8 p-5 text-white rounded-md bg-[#d9534f]">
+            BLT Tomato - This is an OWASP BLT project created to help other OWASP projects.
+        </h2>
+        {% if projects %}
+            <p class="text-xl font-semibold mt-5">The following OWASP projects are seeking funding and have a funding.yml file:</p>
+            <ul class="text-2xl">
+                {% for project in projects %}
+                    <li type="1" class=" my-2 py-2 px-4 shadow">
+                        <p href="{{ item.repo_url }}"
+                           class="text-primary underline inline-block">{{ project.project_name }}</p>
+                        <button class="bg-[#d9534f] ml-4 inline-block py-1 px-2 rounded text-white">
+                            <a href="{{ project.funding_hyperlinks }}" target="_blank">
+                                <span class="text-white">Donate</span>
+                            </a>
+                        </button>
+                        <span class="ml-4">{{ project.funding_details }}</span>
+                    </li>
+                {% endfor %}
+            </ul>
+        {% endif %}
+    </div>
+{% endblock content %}
+<style>
+    .min-h-screen {
+        min-height: 100vh;
+    }
+    .shadow {
+        box-shadow: 0 0 5px rgba(0, 0, 0, 0.1);
+    }
+    .link-button {
+        background-color: #d9534f;
+        color: white;
+        padding: 0.5rem 1rem;
+        border-radius: 0.25rem;
+        text-decoration: none;
+    }
+
+    .link-button:hover {
+        background-color: #c9302c; 
+    }
+
+    .link-button:visited {
+        color: white;
+    }
+
+</style>

website/templates/includes/sidenav.html

@@ -1,3 +1,4 @@
+{% load static %}
 <aside id="sidebar"
        class="tracking-tight fixed top-0 left-0 z-40 w-[210px] h-screen pt-[70px] transition-transform -translate-x-full bg-white lg:translate-x-0 no-scrollbar"
        aria-label="Sidebar">
@@ -210,6 +211,18 @@
                         <span>Stats</span>
                     </a>
                 </li>
+                <li class="{% if request.path == '/blt-tomato/' %}bg-gray-200{% endif %}">
+                    <a href="{% url 'blt-tomato' %}"
+                       class="flex items-center w-full text-black no-underline p-2">
+                        <div class="w-8 mr-4">
+                            <img src="{% static 'img/tomato-svgrepo-com.svg' %}"
+                                 width="100"
+                                 height="100"
+                                 alt="ant">
+                        </div>
+                        <span>BLT Tomato</span>
+                    </a>
+                </li>
                 <li>
                     <div class="border-t-2 border-gray-200"></div>
                 </li>

website/views.py

@@ -11,6 +11,7 @@
 from collections import deque
 from datetime import datetime, timedelta, timezone
 from decimal import Decimal
+from pathlib import Path
 from urllib.parse import urlparse, urlsplit, urlunparse
 
 import humanize
@@ -4671,3 +4672,23 @@ def weekly_report(request):
         return HttpResponse("An error occurred while sending the weekly report")
 
     return HttpResponse("Weekly report sent successfully.")
+
+
+def blt_tomato(request):
+    current_dir = Path(__file__).parent
+    json_file_path = current_dir / "fixtures" / "blt_tomato_project_link.json"
+
+    try:
+        with json_file_path.open("r") as json_file:
+            data = json.load(json_file)
+    except Exception:
+        data = []
+
+    for project in data:
+        funding_details = project.get("funding_details", "").split(", ")
+        funding_links = [url.strip() for url in funding_details if url.startswith("https://")]
+
+        funding_link = funding_links[0] if funding_links else "#"
+        project["funding_hyperlinks"] = funding_link
+
+    return render(request, "blt_tomato.html", {"projects": data})