def new_eng_for_app(request, pid, cicd=False):
jform = None
prod = Product.objects.get(id=pid)
if request.method == 'POST':
form = EngForm(request.POST, cicd=cicd)
if form.is_valid():
new_eng = form.save(commit=False)
if not new_eng.name:
new_eng.name = str(new_eng.target_start)
new_eng.threat_model = False
new_eng.api_test = False
new_eng.pen_test = False
new_eng.check_list = False
new_eng.product = prod
if new_eng.threat_model:
new_eng.progress = 'threat_model'
else:
new_eng.progress = 'other'
if cicd:
new_eng.engagement_type = 'CI/CD'
new_eng.status = "In Progress"
new_eng.save()
tags = request.POST.getlist('tags')
t = ", ".join(tags)
new_eng.tags = t
if get_system_setting('enable_jira'):
# Test to make sure there is a Jira project associated the product
try:
jform = JIRAFindingForm(request.POST, prefix='jiraform', enabled=JIRA_PKey.objects.get(product=prod).push_all_issues)
if jform.is_valid():
add_epic_task.delay(new_eng, jform.cleaned_data.get('push_to_jira'))
except JIRA_PKey.DoesNotExist:
pass
messages.add_message(request,
messages.SUCCESS,
'Engagement added successfully.',
extra_tags='alert-success')
create_notification(event='engagement_added', title=new_eng.name + " for " + prod.name, engagement=new_eng, url=request.build_absolute_uri(reverse('view_engagement', args=(new_eng.id,))), objowner=new_eng.lead)
if "_Add Tests" in request.POST:
return HttpResponseRedirect(reverse('add_tests', args=(new_eng.id,)))
elif "_Import Scan Results" in request.POST:
return HttpResponseRedirect(reverse('import_scan_results', args=(new_eng.id,)))
else:
return HttpResponseRedirect(reverse('view_engagement', args=(new_eng.id,)))
else:
form = EngForm(initial={'lead': request.user, 'target_start': timezone.now().date(), 'target_end': timezone.now().date() + timedelta(days=7)}, cicd=cicd, product=prod.id)
if(get_system_setting('enable_jira')):
if JIRA_PKey.objects.filter(product=prod).count() != 0:
jform = JIRAFindingForm(prefix='jiraform', enabled=JIRA_PKey.objects.get(product=prod).push_all_issues)
product_tab = Product_Tab(pid, title="New Engagement", tab="engagements")
return render(request, 'dojo/new_eng.html',
{'form': form, 'pid': pid,
'product_tab': product_tab,
'jform': jform
})
def edit_engagement(request, eid):
eng = Engagement.objects.get(pk=eid)
jform = None
if request.method == 'POST':
form = EngForm2(request.POST, instance=eng)
if 'jiraform-push_to_jira' in request.POST:
jform = JIRAFindingForm(request.POST,
prefix='jiraform',
enabled=True)
if form.is_valid():
if 'jiraform-push_to_jira' in request.POST:
try:
jissue = JIRA_Issue.objects.get(engagement=eng)
update_epic_task.delay(
eng, jform.cleaned_data.get('push_to_jira'))
enabled = True
except:
enabled = False
add_epic_task.delay(eng,
jform.cleaned_data.get('push_to_jira'))
pass
form.save()
tags = request.POST.getlist('tags')
t = ", ".join(tags)
eng.tags = t
messages.add_message(request,
messages.SUCCESS,
'Engagement updated successfully.',
extra_tags='alert-success')
if '_Add Tests' in request.POST:
return HttpResponseRedirect(
reverse('add_tests', args=(eng.id, )))
else:
return HttpResponseRedirect(
reverse('view_engagement', args=(eng.id, )))
else:
form = EngForm2(instance=eng)
try:
jissue = JIRA_Issue.objects.get(engagement=eng)
enabled = True
except:
enabled = False
pass
if get_system_setting('enable_jira') and JIRA_PKey.objects.filter(
product=eng.product).count() != 0:
jform = JIRAFindingForm(prefix='jiraform', enabled=enabled)
else:
jform = None
form.initial['tags'] = [tag.name for tag in eng.tags]
add_breadcrumb(parent=eng,
title="Edit Engagement",
top_level=False,
request=request)
return render(request, 'dojo/new_eng.html', {
'form': form,
'edit': True,
'jform': jform
})
def new_eng_for_app(request, pid, cicd=False):
jform = None
prod = Product.objects.get(id=pid)
if request.method == 'POST':
form = EngForm(request.POST, cicd=cicd)
if form.is_valid():
new_eng = form.save(commit=False)
if not new_eng.name:
new_eng.name = str(new_eng.target_start)
new_eng.threat_model = False
new_eng.api_test = False
new_eng.pen_test = False
new_eng.check_list = False
new_eng.product = prod
if new_eng.threat_model:
new_eng.progress = 'threat_model'
else:
new_eng.progress = 'other'
if cicd:
new_eng.engagement_type = 'CI/CD'
new_eng.status = "In Progress"
new_eng.save()
tags = request.POST.getlist('tags')
t = ", ".join(tags)
new_eng.tags = t
if get_system_setting('enable_jira'):
# Test to make sure there is a Jira project associated the product
try:
jform = JIRAFindingForm(request.POST, prefix='jiraform', enabled=JIRA_PKey.objects.get(product=prod).push_all_issues)
if jform.is_valid():
add_epic_task.delay(new_eng, jform.cleaned_data.get('push_to_jira'))
except JIRA_PKey.DoesNotExist:
pass
messages.add_message(request,
messages.SUCCESS,
'Engagement added successfully.',
extra_tags='alert-success')
create_notification(event='engagement_added', title=new_eng.name + " for " + prod.name, engagement=new_eng, url=reverse('view_engagement', args=(new_eng.id,)), objowner=new_eng.lead)
if "_Add Tests" in request.POST:
return HttpResponseRedirect(reverse('add_tests', args=(new_eng.id,)))
elif "_Import Scan Results" in request.POST:
return HttpResponseRedirect(reverse('import_scan_results', args=(new_eng.id,)))
else:
return HttpResponseRedirect(reverse('view_engagement', args=(new_eng.id,)))
else:
form = EngForm(initial={'lead': request.user, 'target_start': timezone.now().date(), 'target_end': timezone.now().date() + timedelta(days=7)}, cicd=cicd, product=prod.id)
if(get_system_setting('enable_jira')):
if JIRA_PKey.objects.filter(product=prod).count() != 0:
jform = JIRAFindingForm(prefix='jiraform', enabled=JIRA_PKey.objects.get(product=prod).push_all_issues)
product_tab = Product_Tab(pid, title="New Engagement", tab="engagements")
return render(request, 'dojo/new_eng.html',
{'form': form, 'pid': pid,
'product_tab': product_tab,
'jform': jform
})
def new_eng_for_app(request, pid):
jform = None
prod = Product.objects.get(id=pid)
if request.method == 'POST':
form = EngForm(request.POST)
if form.is_valid():
new_eng = form.save(commit=False)
new_eng.product = prod
if new_eng.threat_model:
new_eng.progress = 'threat_model'
else:
new_eng.progress = 'other'
new_eng.save()
if get_system_setting('enable_jira'):
#Test to make sure there is a Jira project associated the product
try:
jform = JIRAFindingForm(request.POST,
prefix='jiraform',
enabled=JIRA_PKey.objects.get(
product=prod).push_all_issues)
if jform.is_valid():
add_epic_task.delay(
new_eng, jform.cleaned_data.get('push_to_jira'))
except JIRA_PKey.DoesNotExist:
pass
#else:
# print >>sys.stderr, 'no prefix is found'
messages.add_message(request,
messages.SUCCESS,
'Engagement added successfully.',
extra_tags='alert-success')
if "_Add Tests" in request.POST:
return HttpResponseRedirect(
reverse('add_tests', args=(new_eng.id, )))
else:
return HttpResponseRedirect(
reverse('view_engagement', args=(new_eng.id, )))
else:
form = EngForm(initial={})
if (get_system_setting('enable_jira')):
if JIRA_PKey.objects.filter(product=prod).count() != 0:
jform = JIRAFindingForm(prefix='jiraform',
enabled=JIRA_PKey.objects.get(
product=prod).push_all_issues)
add_breadcrumb(parent=prod,
title="New Engagement",
top_level=False,
request=request)
return render(request, 'dojo/new_eng.html', {
'form': form,
'pid': pid,
'jform': jform
})
def new_eng_for_app(request, pid):
jform = None
prod = Product.objects.get(id=pid)
if request.method == 'POST':
form = EngForm(request.POST)
if form.is_valid():
new_eng = form.save(commit=False)
new_eng.product = prod
if new_eng.threat_model:
new_eng.progress = 'threat_model'
else:
new_eng.progress = 'other'
new_eng.save()
if get_system_setting('enable_jira'):
#Test to make sure there is a Jira project associated the product
try:
jform = JIRAFindingForm(request.POST, prefix='jiraform',
enabled=JIRA_PKey.objects.get(product=prod).push_all_issues)
if jform.is_valid():
add_epic_task.delay(new_eng, jform.cleaned_data.get('push_to_jira'))
except JIRA_PKey.DoesNotExist:
pass
#else:
# print >>sys.stderr, 'no prefix is found'
messages.add_message(request,
messages.SUCCESS,
'Engagement added successfully.',
extra_tags='alert-success')
create_notification(event='engagement_added', title='Engagement added', engagement=new_eng, url=request.build_absolute_uri(reverse('view_engagement', args=(new_eng.id,))), objowner=new_eng.lead)
if "_Add Tests" in request.POST:
return HttpResponseRedirect(reverse('add_tests', args=(new_eng.id,)))
else:
return HttpResponseRedirect(reverse('view_engagement', args=(new_eng.id,)))
else:
form = EngForm(initial={})
if(get_system_setting('enable_jira')):
if JIRA_PKey.objects.filter(product=prod).count() != 0:
jform = JIRAFindingForm(prefix='jiraform', enabled=JIRA_PKey.objects.get(product=prod).push_all_issues)
add_breadcrumb(parent=prod, title="New Engagement", top_level=False, request=request)
return render(request, 'dojo/new_eng.html',
{'form': form, 'pid': pid,
'jform': jform
})
def edit_engagement(request, eid):
eng = Engagement.objects.get(pk=eid)
jform = None
if request.method == 'POST':
form = EngForm2(request.POST, instance=eng)
if 'jiraform-push_to_jira' in request.POST:
jform = JIRAFindingForm(request.POST, prefix='jiraform', enabled=True)
if form.is_valid():
if 'jiraform-push_to_jira' in request.POST:
try:
jissue = JIRA_Issue.objects.get(engagement=eng)
update_epic_task.delay(eng, jform.cleaned_data.get('push_to_jira'))
enabled = True
except:
enabled = False
add_epic_task.delay(eng, jform.cleaned_data.get('push_to_jira'))
pass
form.save()
tags = request.POST.getlist('tags')
t = ", ".join(tags)
eng.tags = t
messages.add_message(request,
messages.SUCCESS,
'Engagement updated successfully.',
extra_tags='alert-success')
if '_Add Tests' in request.POST:
return HttpResponseRedirect(reverse('add_tests', args=(eng.id,)))
else:
return HttpResponseRedirect(reverse('view_engagement', args=(eng.id,)))
else:
form = EngForm2(instance=eng)
try:
jissue = JIRA_Issue.objects.get(engagement=eng)
enabled = True
except:
enabled = False
pass
if get_system_setting('enable_jira') and JIRA_PKey.objects.filter(product=eng.product).count() != 0:
jform = JIRAFindingForm(prefix='jiraform', enabled=enabled)
else:
jform = None
form.initial['tags'] = [tag.name for tag in eng.tags]
add_breadcrumb(parent=eng, title="Edit Engagement", top_level=False, request=request)
return render(request, 'dojo/new_eng.html',
{'form': form, 'edit': True, 'jform': jform
})
def edit_engagement(request, eid):
eng = Engagement.objects.get(pk=eid)
ci_cd_form = False
if eng.engagement_type == "CI/CD":
ci_cd_form = True
jform = None
if request.method == 'POST':
form = EngForm(request.POST,
instance=eng,
cicd=ci_cd_form,
product=eng.product.id)
if 'jiraform-push_to_jira' in request.POST:
jform = JIRAFindingForm(request.POST,
prefix='jiraform',
enabled=False)
if (form.is_valid() and jform is None) or (form.is_valid() and jform
and jform.is_valid()):
if 'jiraform-push_to_jira' in request.POST:
if JIRA_Issue.objects.filter(engagement=eng).exists():
update_epic_task.delay(
eng, jform.cleaned_data.get('push_to_jira'))
else:
add_epic_task.delay(eng,
jform.cleaned_data.get('push_to_jira'))
temp_form = form.save(commit=False)
if (temp_form.status == "Cancelled"
or temp_form.status == "Completed"):
temp_form.active = False
elif (temp_form.active is False):
temp_form.active = True
temp_form.product_id = form.cleaned_data.get('product').id
temp_form.save()
tags = request.POST.getlist('tags')
t = ", ".join('"{0}"'.format(w) for w in tags)
eng.tags = t
messages.add_message(request,
messages.SUCCESS,
'Engagement updated successfully.',
extra_tags='alert-success')
if '_Add Tests' in request.POST:
return HttpResponseRedirect(
reverse('add_tests', args=(eng.id, )))
else:
return HttpResponseRedirect(
reverse('view_engagement', args=(eng.id, )))
else:
form = EngForm(initial={'product': eng.product.id},
instance=eng,
cicd=ci_cd_form,
product=eng.product.id)
try:
# jissue = JIRA_Issue.objects.get(engagement=eng)
enabled = True
except:
enabled = False
pass
if get_system_setting('enable_jira') and JIRA_PKey.objects.filter(
product=eng.product).count() != 0:
# Enabled must be false in this case, because this Push-to-jira is more about
# epics then findings.
jform = JIRAFindingForm(prefix='jiraform', enabled=False)
# Feels like we should probably inform the user that this particular checkbox
# is more about epics and engagements than findings and issues.
jform.fields['push_to_jira'].help_text = \
"Checking this will add an EPIC or update an existing EPIC for this engagement."
jform.fields['push_to_jira'].label = "Create or update EPIC"
else:
jform = None
form.initial['tags'] = [tag.name for tag in eng.tags]
title = ""
if eng.engagement_type == "CI/CD":
title = " CI/CD"
product_tab = Product_Tab(eng.product.id,
title="Edit" + title + " Engagement",
tab="engagements")
product_tab.setEngagement(eng)
return render(
request, 'dojo/new_eng.html', {
'product_tab': product_tab,
'form': form,
'edit': True,
'jform': jform,
'eng': eng
})
def edit_engagement(request, eid):
eng = Engagement.objects.get(pk=eid)
ci_cd_form = False
if eng.engagement_type == "CI/CD":
ci_cd_form = True
jform = None
if request.method == 'POST':
form = EngForm(request.POST, instance=eng, cicd=ci_cd_form, product=eng.product.id)
if 'jiraform-push_to_jira' in request.POST:
jform = JIRAFindingForm(
request.POST, prefix='jiraform', enabled=True)
if (form.is_valid() and jform is None) or (form.is_valid() and jform and jform.is_valid()):
if 'jiraform-push_to_jira' in request.POST:
if JIRA_Issue.objects.filter(engagement=eng).exists():
update_epic_task.delay(
eng, jform.cleaned_data.get('push_to_jira'))
enabled = True
else:
enabled = False
add_epic_task.delay(eng,
jform.cleaned_data.get('push_to_jira'))
temp_form = form.save(commit=False)
if (temp_form.status == "Cancelled" or temp_form.status == "Completed"):
temp_form.active = False
elif(temp_form.active is False):
temp_form.active = True
temp_form.save()
tags = request.POST.getlist('tags')
t = ", ".join(tags)
eng.tags = t
messages.add_message(
request,
messages.SUCCESS,
'Engagement updated successfully.',
extra_tags='alert-success')
if '_Add Tests' in request.POST:
return HttpResponseRedirect(
reverse('add_tests', args=(eng.id, )))
else:
return HttpResponseRedirect(
reverse('view_engagement', args=(eng.id, )))
else:
form = EngForm(instance=eng, cicd=ci_cd_form, product=eng.product.id)
try:
# jissue = JIRA_Issue.objects.get(engagement=eng)
enabled = True
except:
enabled = False
pass
if get_system_setting('enable_jira') and JIRA_PKey.objects.filter(
product=eng.product).count() != 0:
jform = JIRAFindingForm(prefix='jiraform', enabled=enabled)
else:
jform = None
form.initial['tags'] = [tag.name for tag in eng.tags]
title = ""
if eng.engagement_type == "CI/CD":
title = " CI/CD"
product_tab = Product_Tab(eng.product.id, title="Edit" + title + " Engagement", tab="engagements")
product_tab.setEngagement(eng)
return render(request, 'dojo/new_eng.html', {
'product_tab': product_tab,
'form': form,
'edit': True,
'jform': jform,
'eng': eng
})
def edit_engagement(request, eid):
eng = Engagement.objects.get(pk=eid)
ci_cd_form = False
if eng.engagement_type == "CI/CD":
ci_cd_form = True
jform = None
use_jira = get_system_setting(
'enable_jira') and eng.product.jira_pkey is not None
if request.method == 'POST':
form = EngForm(request.POST,
instance=eng,
cicd=ci_cd_form,
product=eng.product.id,
user=request.user)
if 'jiraform-push_to_jira' in request.POST:
jform = JIRAEngagementForm(request.POST,
prefix='jiraform',
instance=eng)
if (form.is_valid() and jform is None) or (form.is_valid() and jform
and jform.is_valid()):
logger.debug('jform valid')
if 'jiraform-push_to_jira' in request.POST:
logger.debug('push_to_jira true')
if JIRA_Issue.objects.filter(engagement=eng).exists():
if Dojo_User.wants_block_execution(request.user):
update_epic(eng,
jform.cleaned_data.get('push_to_jira'))
else:
update_epic_task.delay(
eng, jform.cleaned_data.get('push_to_jira'))
else:
if Dojo_User.wants_block_execution(request.user):
add_epic(eng, jform.cleaned_data.get('push_to_jira'))
else:
add_epic_task.delay(
eng, jform.cleaned_data.get('push_to_jira'))
temp_form = form.save(commit=False)
if (temp_form.status == "Cancelled"
or temp_form.status == "Completed"):
temp_form.active = False
elif (temp_form.active is False):
temp_form.active = True
temp_form.product_id = form.cleaned_data.get('product').id
temp_form.save()
tags = request.POST.getlist('tags')
t = ", ".join('"{0}"'.format(w) for w in tags)
eng.tags = t
messages.add_message(request,
messages.SUCCESS,
'Engagement updated successfully.',
extra_tags='alert-success')
if '_Add Tests' in request.POST:
return HttpResponseRedirect(
reverse('add_tests', args=(eng.id, )))
else:
return HttpResponseRedirect(
reverse('view_engagement', args=(eng.id, )))
else:
form = EngForm(initial={'product': eng.product.id},
instance=eng,
cicd=ci_cd_form,
product=eng.product.id,
user=request.user)
if use_jira:
jform = JIRAEngagementForm(prefix='jiraform', instance=eng)
else:
jform = None
form.initial['tags'] = [tag.name for tag in eng.tags]
title = ""
if eng.engagement_type == "CI/CD":
title = " CI/CD"
product_tab = Product_Tab(eng.product.id,
title="Edit" + title + " Engagement",
tab="engagements")
product_tab.setEngagement(eng)
return render(
request, 'dojo/new_eng.html', {
'product_tab': product_tab,
'form': form,
'edit': True,
'jform': jform,
'eng': eng
})
def edit_engagement(request, eid):
eng = Engagement.objects.get(pk=eid)
ci_cd_form = False
if eng.engagement_type == "CI/CD":
ci_cd_form = True
jform = None
if request.method == 'POST':
form = EngForm(request.POST, instance=eng, cicd=ci_cd_form, product=eng.product.id)
if 'jiraform-push_to_jira' in request.POST:
jform = JIRAFindingForm(
request.POST, prefix='jiraform', enabled=True)
if (form.is_valid() and jform is None) or (form.is_valid() and jform and jform.is_valid()):
if 'jiraform-push_to_jira' in request.POST:
if JIRA_Issue.objects.filter(engagement=eng).exists():
update_epic_task.delay(
eng, jform.cleaned_data.get('push_to_jira'))
enabled = True
else:
enabled = False
add_epic_task.delay(eng,
jform.cleaned_data.get('push_to_jira'))
temp_form = form.save(commit=False)
if (temp_form.status == "Cancelled" or temp_form.status == "Completed"):
temp_form.active = False
elif(temp_form.active is False):
temp_form.active = True
temp_form.save()
tags = request.POST.getlist('tags')
t = ", ".join(tags)
eng.tags = t
messages.add_message(
request,
messages.SUCCESS,
'Engagement updated successfully.',
extra_tags='alert-success')
if '_Add Tests' in request.POST:
return HttpResponseRedirect(
reverse('add_tests', args=(eng.id, )))
else:
return HttpResponseRedirect(
reverse('view_engagement', args=(eng.id, )))
else:
form = EngForm(instance=eng, cicd=ci_cd_form, product=eng.product.id)
try:
# jissue = JIRA_Issue.objects.get(engagement=eng)
enabled = True
except:
enabled = False
pass
if get_system_setting('enable_jira') and JIRA_PKey.objects.filter(
product=eng.product).count() != 0:
jform = JIRAFindingForm(prefix='jiraform', enabled=enabled)
else:
jform = None
form.initial['tags'] = [tag.name for tag in eng.tags]
title = ""
if eng.engagement_type == "CI/CD":
title = " CI/CD"
product_tab = Product_Tab(eng.product.id, title="Edit" + title + " Engagement", tab="engagements")
product_tab.setEngagement(eng)
return render(request, 'dojo/new_eng.html', {
'product_tab': product_tab,
'form': form,
'edit': True,
'jform': jform,
'eng': eng
})
def new_eng_for_app(request, pid):
jform = None
prod = Product.objects.get(id=pid)
if request.method == 'POST':
form = EngForm(request.POST)
if form.is_valid():
new_eng = form.save(commit=False)
new_eng.product = prod
new_eng.save()
form.save_m2m()
if get_system_setting('enable_jira'):
#Test to make sure there is a Jira project associated the product
try:
jform = JIRAFindingForm(request.POST,
prefix='jiraform',
enabled=JIRA_PKey.objects.get(
product=prod).push_all_issues)
if jform.is_valid():
add_epic_task.delay(
new_eng, jform.cleaned_data.get('push_to_jira'))
except JIRA_PKey.DoesNotExist:
pass
#else:
# print >>sys.stderr, 'no prefix is found'
messages.add_message(request,
messages.SUCCESS,
'Engagement added successfully.',
extra_tags='alert-success')
create_notification(event='engagement_added',
title='Engagement added',
engagement=new_eng,
url=request.build_absolute_uri(
reverse('view_engagement',
args=(new_eng.id, ))),
objowner=new_eng.analysts.all())
if "_Add Tests" in request.POST:
return HttpResponseRedirect(
reverse('add_tests', args=(new_eng.id, )))
else:
return HttpResponseRedirect(
reverse('view_engagement', args=(new_eng.id, )))
else:
form = EngForm(auth_users=(
prod.authorized_users.all()
| Dojo_User.objects.filter(is_superuser=True)).distinct())
if (get_system_setting('enable_jira')):
if JIRA_PKey.objects.filter(product=prod).count() != 0:
jform = JIRAFindingForm(prefix='jiraform',
enabled=JIRA_PKey.objects.get(
product=prod).push_all_issues)
add_breadcrumb(parent=prod,
title="New Engagement",
top_level=False,
request=request)
return render(request, 'dojo/new_eng.html', {
'form': form,
'pid': pid,
'jform': jform
})