@igennova igennova commented Jun 30, 2025

fixes #4404
Added new Labs model with fields:
Created management command create_initial_labs to populate initial security labs:

Updated simulation dashboard to display labs from database instead of hardcoded data
Added estimated time display to lab cards in UI

Summary by CodeRabbit

  • New Features

    • Introduced a "Security Labs" dashboard displaying interactive lab cards with progress tracking and dynamic icons.
    • Added a new section accessible to authenticated users for exploring and managing security labs.
    • Implemented visual progress bars and action buttons for starting or continuing labs.
    • Added a new URL path for easy access to the Security Labs dashboard.
  • Database

    • Added a new model for managing lab details, including name, description, estimated time, total tasks, and status.
  • Chores

    • Provided a management command to initialize the database with a predefined set of security labs.

igennova added 3 commits June 15, 2025 14:34
- Introduced a new Labs model with fields for name, description, estimated time, total tasks, and active status.
- Added a management command to create initial lab data for SQL Injection, XSS, CSRF, and Command Injection.
- Updated the dashboard view to fetch and display active labs with their respective details.

New labs created,
Knowledge in every task,
Learning never ends.
coderabbitai bot commented Jun 30, 2025

"""

Walkthrough

The changes introduce a new Labs model to represent security labs, a migration to create its database table, and a Django management command to seed the database with four initial labs (SQL Injection, XSS, CSRF, Command Injection). Additionally, a dashboard view and template are added to display these labs, and a URL route is registered for the dashboard.

Changes

File(s) Change Summary
website/models.py, website/migrations/0242_labs.py Added Labs model and migration for database schema.
website/management/commands/create_initial_labs.py Added management command to seed the database with four initial labs.
website/views/Simulation.py, website/templates/Simulation.html Added dashboard view and template to display labs.
blt/urls.py Registered new URL route for the dashboard view.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant WebServer
    participant DashboardView
    participant LabsModel
    User->>WebServer: GET /simulation/
    WebServer->>DashboardView: Call dashboard(request)
    DashboardView->>LabsModel: Query active labs (order by 'order')
    LabsModel-->>DashboardView: Return labs queryset
    DashboardView->>WebServer: Render Simulation.html with labs context
    WebServer-->>User: Return rendered dashboard page

Assessment against linked issues

Objective Addressed Explanation
Add Lab model (fields, ordering, etc.) [#4404]
Write a seed script to populate the database with 4 initial labs [#4404]

Assessment against linked issues: Out-of-scope changes

No out-of-scope changes found.
"""


Reviewing files that changed from the base of the PR and between 78d5c7f and 80c4102.


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 3

🧹 Nitpick comments (6)
blt/urls.py (1)

279-279: Prefer lowercase module names to avoid case-sensitivity surprises

The new import targets website.views.Simulation. While this works if the file is literally named Simulation.py, it breaks on case-sensitive filesystems the moment the file is renamed to follow PEP 8 (simulation.py). Importing with a lowercase path keeps the codebase platform-agnostic and future-proof.

-from website.views.Simulation import dashboard
+from website.views.simulation import dashboard
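Review bot: this import rename cannot land on its own: `from website.views.simulation import dashboard` raises ImportError until the module file is actually renamed, so the `git mv Simulation.py simulation.py` belongs in the same commit rather than in a follow-up PR as the closing remark suggests. On case-insensitive filesystems (macOS default, Windows) the old spelling keeps importing locally, so the breakage would only surface in CI or on Linux.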

(If the file is already committed as Simulation.py, consider renaming it in a follow-up PR.)

website/models.py (1)

2479-2482: Consider adding database indexes for better query performance.

Since the model will likely be frequently queried by is_active and order fields, adding indexes could improve performance.

 class Meta:
     verbose_name = "Lab"
     verbose_name_plural = "Labs"
     ordering = ["order"]
+    indexes = [
+        models.Index(fields=["is_active"]),
+        models.Index(fields=["order"]),
+        models.Index(fields=["is_active", "order"]),
+    ]
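Review bot: adding `indexes` to `Meta` changes the schema, so this suggestion needs a new migration generated with `makemigrations` on top of 0242_labs.py; otherwise `migrate` reports unapplied model changes. The composite index on `["is_active", "order"]` already serves the dashboard query (filter on `is_active`, order by `order`), so the standalone `["order"]` index is redundant for that path and only earns its write cost if some other query orders the table without the `is_active` filter.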
website/views/Simulation.py (2)

16-23: Consider making the icon mapping more flexible and maintainable.

The hardcoded icon mapping logic could be improved for better maintainability and extensibility.

Option 1: Move to model field
Add an icon field to the Labs model:

# In Labs model
icon = models.CharField(max_length=50, default="database")

Option 2: Use a mapping dictionary

-# Map lab icons based on lab name or add a default
-icon = "database"  # Default icon
-if "xss" in lab.name.lower():
-    icon = "code"
-elif "csrf" in lab.name.lower():
-    icon = "shield-check"
-elif "command" in lab.name.lower():
-    icon = "terminal"
+# Icon mapping dictionary
+ICON_MAPPING = {
+    "xss": "code",
+    "csrf": "shield-check", 
+    "command": "terminal",
+}
+
+icon = "database"  # Default icon
+for keyword, mapped_icon in ICON_MAPPING.items():
+    if keyword in lab.name.lower():
+        icon = mapped_icon
+        break
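Review bot: as placed, `ICON_MAPPING` occupies the same spot as the lines it replaces, inside the per-lab code of the `dashboard` view, so the dict is rebuilt for every lab on every request; hoist it to a module-level constant beside the imports. The match is also a first-keyword-wins substring test, so a lab name containing two keywords picks whichever appears first in the dict, and `lab.name.lower()` is recomputed per keyword; computing it once before the loop avoids that, and an explicit `icon` field on the model (option 1 above) removes the ambiguity altogether.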

32-32: Consider making the color configurable rather than hardcoded.

Having all labs use the same color "#e74c3c" reduces visual differentiation and customization options.

Option 1: Add color field to Labs model

# In Labs model
color = models.CharField(max_length=7, default="#e74c3c", help_text="Hex color code")

Option 2: Use a color palette

-"color": "#e74c3c",
+# Define color palette
+COLORS = ["#e74c3c", "#3498db", "#2ecc71", "#f39c12", "#9b59b6"]
+"color": COLORS[lab.order % len(COLORS)],
website/templates/Simulation.html (2)

75-88: Improve button accessibility

The button relies solely on visual text; screen-reader users would benefit from an explicit label. Add aria-label and hide the decorative arrow:

-<button class="w-full ...">
+<button class="w-full ..." aria-label="{{ 'Continue' if lab.progress > 0 else 'Start' }} Lab">
...
-<svg class="ml-2 -mr-1 h-4 w-4"
+<svg class="ml-2 -mr-1 h-4 w-4" aria-hidden="true"

24-55: Avoid hard-coding brand colour multiple times

The colour #e74c3c is repeated in several SVG and button classes. Consider extracting it into a Tailwind CSS theme extension or a custom CSS variable (--brand-red) to ensure consistency and simplify future rebranding.

Reviewing files that changed from the base of the PR and between 2da89e7 and 78d5c7f.

🧰 Additional context used
🧬 Code Graph Analysis (3)
blt/urls.py (1)
website/views/Simulation.py (1)
  • dashboard (10-38)
website/management/commands/create_initial_labs.py (1)
website/models.py (1)
  • Labs (2457-2482)
website/views/Simulation.py (1)
website/models.py (1)
  • Labs (2457-2482)
🪛 Pylint (3.3.7)
website/management/commands/create_initial_labs.py

[refactor] 6-6: Too few public methods (1/2)

(R0903)

website/migrations/0242_labs.py

[refactor] 6-6: Too few public methods (0/2)

(R0903)

website/models.py

[refactor] 2479-2479: Too few public methods (0/2)

(R0903)

🪛 HTMLHint (1.5.0)
website/templates/Simulation.html

[error] 2-2: Doctype must be declared before any non-comment content.

(doctype-first)


[error] 76-76: Special characters must be escaped : [ > ].

(spec-char-escape)

🔇 Additional comments (5)
blt/urls.py (1)

362-364: URL name dashboard is very generic – risk of collision

path("simulation/", dashboard, name="dashboard") introduces a top-level route whose name is simply "dashboard".
Because this project already contains many dashboard-related views, a duplicate reverse lookup (e.g. reverse("dashboard")) elsewhere would now silently resolve to the wrong URL and be difficult to trace.

Recommend using a more specific name such as "simulation_dashboard":

-path("simulation/", dashboard, name="dashboard"),
+path("simulation/", dashboard, name="simulation_dashboard"),

Please verify no other URL pattern already uses "dashboard".

website/migrations/0242_labs.py (1)

1-31: Migration looks good and correctly implements the Labs model.

The auto-generated migration properly creates the Labs table with all the required fields and options matching the model definition.

website/views/Simulation.py (1)

9-38: Good implementation of the dashboard view with proper security and structure.

The view correctly uses @login_required for security, efficiently queries the database, and provides a clean data structure for the template. The approach is well-structured and follows Django best practices.

website/management/commands/create_initial_labs.py (2)

11-36: Well-structured initial lab data covering essential security topics.

The lab definitions are comprehensive and educational:

  • Good coverage of fundamental security vulnerabilities
  • Descriptive content that explains what learners will achieve
  • Reasonable time estimates for each lab (30-60 minutes)
  • Logical ordering for learning progression

39-53: Excellent implementation of the management command.

The command follows Django best practices:

  • Uses get_or_create() to ensure idempotency
  • Provides clear feedback with success and warning messages
  • Handles the creation process efficiently with proper error handling

coderabbitai[bot]
coderabbitai bot previously approved these changes Jun 30, 2025
@DonnieBLT DonnieBLT enabled auto-merge July 4, 2025 17:57
@DonnieBLT DonnieBLT added this pull request to the merge queue Jul 4, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Jul 4, 2025
@DonnieBLT DonnieBLT added this pull request to the merge queue Jul 4, 2025
@igennova igennova requested a review from DonnieBLT July 4, 2025 18:25
github-merge-queue bot pushed a commit that referenced this pull request Jul 4, 2025
* only frontend dashboard

* Add Labs model and initial data creation command

- Introduced a new Labs model with fields for name, description, estimated time, total tasks, and active status.
- Added a management command to create initial lab data for SQL Injection, XSS, CSRF, and Command Injection.
- Updated the dashboard view to fetch and display active labs with their respective details.

New labs created,
Knowledge in every task,
Learning never ends.

* pre_commit_done

* for_passing_test

---------

Co-authored-by: DonnieBLT <[email protected]>
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Jul 4, 2025
@DonnieBLT DonnieBLT added this pull request to the merge queue Jul 7, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Jul 7, 2025
@DonnieBLT DonnieBLT added this pull request to the merge queue Jul 10, 2025
Merged via the queue into OWASP-BLT:main with commit 87152e2 Jul 10, 2025
12 checks passed

Development

Successfully merging this pull request may close these issues.

[Backend}] Add Lab model and script to seed initial vulnerability simulations
