def test_mark_fresh_as_mitigated(self, mock_dt):
mock_dt.now.return_value = frozen_datetime
finding = Finding(is_Mitigated=True, active=False)
changed = helper.update_finding_status(finding, self.user_1)
self.assertEqual(self.get_mitigation_status_fields(finding),
(True, frozen_datetime, self.user_1))
self.assertTrue(changed)
def test_mark_old_active_as_mitigated(self, mock_can_edit, mock_tz,
mock_dt):
mock_dt.now.return_value = frozen_datetime
mock_tz.now.return_value = frozen_datetime
old_finding = Finding()
new_finding = Finding(is_Mitigated=True, active=False)
changed = helper.update_finding_status(new_finding, self.user_1,
old_finding)
self.assertEqual(self.get_mitigation_status_fields(new_finding),
(True, frozen_datetime, self.user_1))
self.assertFalse(changed)
def test_set_old_mitigated_as_active(self, mock_can_edit, mock_tz,
mock_dt):
mock_dt.now.return_value = frozen_datetime
mock_tz.now.return_value = frozen_datetime
old_finding = Finding(is_Mitigated=True,
active=False,
mitigated=frozen_datetime,
mitigated_by=self.user_2)
new_finding = Finding(active=True)
changed = helper.update_finding_status(new_finding, self.user_1,
old_finding)
self.assertEqual(self.get_mitigation_status_fields(new_finding),
(False, None, None))
self.assertFalse(changed)
def test_update_old_mitigated_with_missing_data(self, mock_can_edit,
mock_tz, mock_dt):
mock_dt.now.return_value = frozen_datetime
mock_tz.now.return_value = frozen_datetime
custom_mitigated = datetime.datetime.now()
old_finding = Finding(is_Mitigated=True,
active=False,
mitigated=custom_mitigated,
mitigated_by=self.user_2)
new_finding = Finding(is_Mitigated=True, active=False)
changed = helper.update_finding_status(new_finding, self.user_1,
old_finding)
# mitigated and mitigated_vy get updated
self.assertEqual(self.get_mitigation_status_fields(new_finding),
(True, frozen_datetime, self.user_1))
self.assertTrue(changed)
def add_temp_finding(request, tid, fid):
jform = None
test = get_object_or_404(Test, id=tid)
finding = get_object_or_404(Finding_Template, id=fid)
findings = Finding_Template.objects.all()
push_all_jira_issues = jira_helper.is_push_all_issues(finding)
if request.method == 'POST':
form = AddFindingForm(request.POST,
req_resp=None,
product=test.engagement.product)
if jira_helper.get_jira_project(test):
jform = JIRAFindingForm(
push_all=jira_helper.is_push_all_issues(test),
prefix='jiraform',
jira_project=jira_helper.get_jira_project(test),
finding_form=form)
logger.debug('jform valid: %s', jform.is_valid())
if (form['active'].value() is False or form['false_p'].value()
) and form['duplicate'].value() is False:
closing_disabled = Note_Type.objects.filter(
is_mandatory=True, is_active=True).count()
if closing_disabled != 0:
error_inactive = ValidationError(
'Can not set a finding as inactive without adding all mandatory notes',
code='not_active_or_false_p_true')
error_false_p = ValidationError(
'Can not set a finding as false positive without adding all mandatory notes',
code='not_active_or_false_p_true')
if form['active'].value() is False:
form.add_error('active', error_inactive)
if form['false_p'].value():
form.add_error('false_p', error_false_p)
messages.add_message(
request,
messages.ERROR,
'Can not set a finding as inactive or false positive without adding all mandatory notes',
extra_tags='alert-danger')
if form.is_valid():
finding.last_used = timezone.now()
finding.save()
new_finding = form.save(commit=False)
new_finding.test = test
new_finding.reporter = request.user
new_finding.numerical_severity = Finding.get_numerical_severity(
new_finding.severity)
new_finding.date = form.cleaned_data['date'] or datetime.today()
finding_helper.update_finding_status(new_finding, request.user)
new_finding.save(dedupe_option=False, false_history=False)
# Save and add new endpoints
finding_helper.add_endpoints(new_finding, form)
new_finding.save(false_history=True)
if 'jiraform-push_to_jira' in request.POST:
jform = JIRAFindingForm(
request.POST,
prefix='jiraform',
instance=new_finding,
push_all=push_all_jira_issues,
jira_project=jira_helper.get_jira_project(test),
finding_form=form)
if jform.is_valid():
if jform.cleaned_data.get('push_to_jira'):
jira_helper.push_to_jira(new_finding)
else:
add_error_message_to_response(
'jira form validation failed: %s' % jform.errors)
messages.add_message(request,
messages.SUCCESS,
'Finding from template added successfully.',
extra_tags='alert-success')
return HttpResponseRedirect(reverse('view_test', args=(test.id, )))
else:
messages.add_message(
request,
messages.ERROR,
'The form has errors, please correct them below.',
extra_tags='alert-danger')
else:
form = AddFindingForm(req_resp=None,
product=test.engagement.product,
initial={
'active': False,
'date': timezone.now().date(),
'verified': False,
'false_p': False,
'duplicate': False,
'out_of_scope': False,
'title': finding.title,
'description': finding.description,
'cwe': finding.cwe,
'severity': finding.severity,
'mitigation': finding.mitigation,
'impact': finding.impact,
'references': finding.references,
'numerical_severity':
finding.numerical_severity
})
if jira_helper.get_jira_project(test):
jform = JIRAFindingForm(
push_all=jira_helper.is_push_all_issues(test),
prefix='jiraform',
jira_project=jira_helper.get_jira_project(test),
finding_form=form)
# logger.debug('form valid: %s', form.is_valid())
# logger.debug('jform valid: %s', jform.is_valid())
# logger.debug('form errors: %s', form.errors)
# logger.debug('jform errors: %s', jform.errors)
# logger.debug('jform errors: %s', vars(jform))
product_tab = Product_Tab(test.engagement.product.id,
title="Add Finding",
tab="engagements")
product_tab.setEngagement(test.engagement)
return render(
request, 'dojo/add_findings.html', {
'form': form,
'product_tab': product_tab,
'jform': jform,
'findings': findings,
'temp': True,
'fid': finding.id,
'tid': test.id,
'test': test,
})
