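def view_finding(request, fid):
    """Render one finding and accept a new note for it via POST.

    Order of operations matters here: the finding is resolved (404 if absent),
    the product-level authorization check runs, and only then is any further
    data about the finding (JIRA state, notes, Burp request/response) read or
    a note written.

    Args:
        request: Django request; ``request.user`` must be staff or one of the
            product's ``authorized_users``.
        fid: primary key of the ``Finding`` to display.

    Returns:
        The rendered ``dojo/view_finding.html`` response.

    Raises:
        Http404: no ``Finding`` with id ``fid`` exists, or no ``Dojo_User``
            matches the requesting user.
        PermissionDenied: the user is neither staff nor authorized for the
            finding's product.
    """
    finding = get_object_or_404(Finding, id=fid)
    user = request.user
    product = finding.test.engagement.product

    # Authorize before anything else is read. The EXISTS query avoids loading
    # every authorized user just to test membership (an AnonymousUser has
    # pk=None and is_staff=False, so it fails both legs as before).
    # NOTE(review): an unauthorized caller still gets 404 for an unknown id and
    # 403 for a known one, which leaks whether a finding id exists; returning
    # 404 in both cases would close that oracle if callers do not depend on
    # PermissionDenied.
    if not (user.is_staff or product.authorized_users.filter(pk=user.pk).exists()):
        raise PermissionDenied
    dojo_user = get_object_or_404(Dojo_User, id=user.id)

    # Best-effort JIRA lookups: a finding with no issue, or a product with no
    # JIRA project key, is normal. Only lookup failures are tolerated; other
    # errors (e.g. database failures) are no longer silently swallowed.
    try:
        jissue = JIRA_Issue.objects.get(finding=finding)
    except (JIRA_Issue.DoesNotExist, JIRA_Issue.MultipleObjectsReturned):
        jissue = None
    try:
        jconf = JIRA_PKey.objects.get(product=product).conf
    except (JIRA_PKey.DoesNotExist, JIRA_PKey.MultipleObjectsReturned):
        jconf = None

    if request.method == 'POST':
        form = NoteForm(request.POST)
        if form.is_valid():
            new_note = form.save(commit=False)
            new_note.author = user
            new_note.date = datetime.now(tz=localtz)
            new_note.save()
            finding.notes.add(new_note)
            finding.last_reviewed = new_note.date
            finding.last_reviewed_by = user
            finding.save()
            # Mirror the note to JIRA only when the finding is already linked.
            if jissue is not None:
                add_comment_task(finding, new_note)
            # build_absolute_uri() derives the scheme/host from the request, so
            # the link placed in notifications is only as trustworthy as
            # ALLOWED_HOSTS (and any proxy headers) make the Host header.
            url = request.build_absolute_uri(
                reverse("view_finding", args=(finding.id, )))
            process_notifications(request, new_note, url,
                                  "Finding: " + finding.title)
            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Note saved.',
                                 extra_tags='alert-success')
            # Re-render an empty form so the saved text is not echoed back.
            form = NoteForm()
    else:
        form = NoteForm()

    # Lazy queryset: evaluated at render time, so it includes a note just added.
    notes = finding.notes.all()

    # Raw Burp request/response are stored base64-encoded; a missing record or
    # undecodable payload simply hides that panel rather than failing the page.
    try:
        reqres = BurpRawRequestResponse.objects.get(finding=finding)
        burp_request = base64.b64decode(reqres.burpRequestBase64)
        burp_response = base64.b64decode(reqres.burpResponseBase64)
    except (BurpRawRequestResponse.DoesNotExist,
            BurpRawRequestResponse.MultipleObjectsReturned,
            ValueError, TypeError):
        burp_request = None
        burp_response = None

    add_breadcrumb(parent=finding, top_level=False, request=request)
    return render(
        request, 'dojo/view_finding.html', {
            'finding': finding,
            'burp_request': burp_request,
            'jissue': jissue,
            'jconf': jconf,
            'burp_response': burp_response,
            'dojo_user': dojo_user,
            'user': user,
            'notes': notes,
            'form': form
        })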
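def view_finding(request, fid):
    """Render one finding, its credential mappings and notes; accept a note via POST.

    The finding is resolved first (404 if absent), then the product-level
    authorization check runs, and only after that are credential mappings,
    JIRA state, notes and the Burp request/response read or a note written.
    In particular the ``Cred_Mapping`` querysets are not built until the
    caller is known to be authorized for the product.

    Args:
        request: Django request; ``request.user`` must be staff or one of the
            product's ``authorized_users``.
        fid: primary key of the ``Finding`` to display.

    Returns:
        The rendered ``dojo/view_finding.html`` response.

    Raises:
        Http404: no ``Finding`` with id ``fid`` exists, or no ``Dojo_User``
            matches the requesting user.
        PermissionDenied: the user is neither staff nor authorized for the
            finding's product.
    """
    finding = get_object_or_404(Finding, id=fid)
    user = request.user
    test = finding.test
    engagement = test.engagement
    product = engagement.product

    # Authorize before anything else is read. The EXISTS query avoids loading
    # every authorized user just to test membership (an AnonymousUser has
    # pk=None and is_staff=False, so it fails both legs as before).
    # NOTE(review): an unauthorized caller still gets 404 for an unknown id and
    # 403 for a known one, which leaks whether a finding id exists; returning
    # 404 in both cases would close that oracle if callers do not depend on
    # PermissionDenied.
    if not (user.is_staff or product.authorized_users.filter(pk=user.pk).exists()):
        raise PermissionDenied
    dojo_user = get_object_or_404(Dojo_User, id=user.id)

    # Credential mappings at finding, test and engagement scope. These hold
    # references to stored credentials, so they are deliberately only built
    # after the authorization check above.
    cred_finding = (Cred_Mapping.objects.filter(finding=finding.id)
                    .select_related('cred_id').order_by('cred_id'))
    creds = (Cred_Mapping.objects.filter(test=test.id)
             .select_related('cred_id').order_by('cred_id'))
    cred_engagement = (Cred_Mapping.objects.filter(engagement=engagement.id)
                       .select_related('cred_id').order_by('cred_id'))

    # Best-effort JIRA lookups: a finding with no issue, or a product with no
    # JIRA project key, is normal. Only lookup failures are tolerated; other
    # errors (e.g. database failures) are no longer silently swallowed.
    try:
        jissue = JIRA_Issue.objects.get(finding=finding)
    except (JIRA_Issue.DoesNotExist, JIRA_Issue.MultipleObjectsReturned):
        jissue = None
    try:
        jconf = JIRA_PKey.objects.get(product=product).conf
    except (JIRA_PKey.DoesNotExist, JIRA_PKey.MultipleObjectsReturned):
        jconf = None

    if request.method == 'POST':
        form = NoteForm(request.POST)
        if form.is_valid():
            new_note = form.save(commit=False)
            new_note.author = user
            new_note.date = timezone.now()
            new_note.save()
            finding.notes.add(new_note)
            finding.last_reviewed = new_note.date
            finding.last_reviewed_by = user
            finding.save()
            # Mirror the note to JIRA only when the finding is already linked.
            if jissue is not None:
                add_comment_task(finding, new_note)
            # build_absolute_uri() derives the scheme/host from the request, so
            # the link placed in notifications is only as trustworthy as
            # ALLOWED_HOSTS (and any proxy headers) make the Host header.
            url = request.build_absolute_uri(reverse("view_finding", args=(finding.id,)))
            process_notifications(request, new_note, url, "Finding: " + finding.title)
            messages.add_message(request,
                                 messages.SUCCESS,
                                 'Note saved.',
                                 extra_tags='alert-success')
            # Re-render an empty form so the saved text is not echoed back.
            form = NoteForm()
    else:
        form = NoteForm()

    # Lazy queryset: evaluated at render time, so it includes a note just added.
    notes = finding.notes.all()

    # Raw Burp request/response are stored base64-encoded; a missing record or
    # undecodable payload simply hides that panel rather than failing the page.
    try:
        reqres = BurpRawRequestResponse.objects.get(finding=finding)
        burp_request = base64.b64decode(reqres.burpRequestBase64)
        burp_response = base64.b64decode(reqres.burpResponseBase64)
    except (BurpRawRequestResponse.DoesNotExist,
            BurpRawRequestResponse.MultipleObjectsReturned,
            ValueError, TypeError):
        burp_request = None
        burp_response = None

    add_breadcrumb(parent=finding, top_level=False, request=request)
    return render(request, 'dojo/view_finding.html',
                  {'finding': finding,
                   'burp_request': burp_request,
                   'jissue': jissue,
                   'jconf': jconf,
                   'cred_finding': cred_finding,
                   'creds': creds,
                   'cred_engagement': cred_engagement,
                   'burp_response': burp_response,
                   'dojo_user': dojo_user,
                   'user': user,
                   'notes': notes,
                   'form': form,
                   'found_by': finding.found_by.all().distinct()})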