Ejemplo n.º 1
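def download_report():
    """Render a project's HTML report to PDF and return it inline.

    The project id is read from the ``proj`` query parameter and the PDF is
    produced by pointing pdfkit at this application's own ``/report`` page.

    Returns:
        A PDF response on success, the plain string ``"Missing project ID"``
        when ``proj`` is absent, or a ``("Project not found", 404)`` tuple when
        the lookup fails.
    """
    from urllib.parse import quote

    project_id = request.args.get("proj")
    if project_id is None:
        return "Missing project ID"

    # Look the project up once. The original queried twice and fell off the
    # end of the function (returning None, which Flask rejects) for an
    # unknown id.
    project = Project.getProject(project_id)
    if not project:
        return "Project not found", 404

    options = {
        'page-size': 'A4',
        'margin-top': '0in',
        'margin-right': '0in',
        'margin-bottom': '0.2in',
        'margin-left': '0in',
        'footer-center': '[page] of [topage]',
    }

    # SECURITY: request.url_root is derived from the request's Host header and
    # pdfkit fetches whatever URL it is handed, so the renderer's target host
    # is influenced by the client unless the deployment pins accepted hosts.
    # Prefer a base URL taken from server-side configuration.
    # NOTE(review): no access check is visible in this excerpt; confirm the
    # route is protected, since any valid project id yields the full report.
    base_url = str(request.url_root).rstrip("/")
    # Percent-encode the id so it cannot add parameters or a fragment.
    url = base_url + "/report?project_id=" + quote(str(project_id), safe="")
    pdf = pdfkit.from_url(url, False, options=options)

    response = make_response(pdf)
    response.headers["Content-Type"] = "application/pdf"

    # The project name is stored user input: keep only ASCII letters, digits
    # and "._-" so quotes, semicolons or control characters cannot alter the
    # Content-Disposition header. Spaces become "-" as before.
    raw_name = str(project['projectName'])
    safe_name = "".join(
        ch if (ch.isascii() and ch.isalnum()) or ch in "._-" else "-"
        for ch in raw_name
    )
    report_name = safe_name + "-Report_" + str(date.today())
    response.headers["Content-Disposition"] = (
        'inline; filename="' + report_name + '.pdf"'
    )
    return response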
Ejemplo n.º 2
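def get_report():
    """Render ``report.html`` for the project named by ``project_id``.

    Returns:
        The rendered report, or a ``(message, 404)`` tuple when the project
        or its vulnerability list cannot be loaded.
    """
    # NOTE(review): no access check is visible in this excerpt. The page
    # discloses every finding of whichever project_id the caller supplies, so
    # confirm the route is restricted to authorised users.
    project_id = request.args.get("project_id")

    project = Project.getProject(id=project_id)
    if not project:
        # The original indexed into the lookup result unconditionally, which
        # raised for a missing or unknown id.
        return "Project not found", 404

    vulnerabilities = Vulnerability.getVulnerabilities(report_id=project_id)
    if vulnerabilities is None:
        # The original returned False here, which is not a valid Flask
        # response and surfaced as a server error.
        return "No vulnerabilities found for this project", 404

    severities = Vulnerability.getVulnerabilitiesSeverities(project_id)
    # Second, independent query result for the template; presumably the
    # template iterates the findings twice and the result is single-pass.
    # TODO confirm.
    vulnerabilities1 = Vulnerability.getVulnerabilities(report_id=project_id)
    clientLogo = project["clientLogoID"][0]

    return render_template(
        'report.html',
        project=project,
        vulnerabilities=vulnerabilities,
        vulnerabilities1=vulnerabilities1,
        severities=severities,
        filename=clientLogo,
    )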
Ejemplo n.º 3
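def add_vulnerability():
    """Create or update a vulnerability from the submitted form.

    All text fields are read from ``request.form``; a missing field raises the
    usual Flask bad-request error. If the ``vuln`` query parameter names an
    existing vulnerability it is edited, otherwise a new one is added.

    Returns:
        The project page rendered by ``project_template`` for ``report_id``.
    """
    form = request.form
    # Read in the original order so the first missing field reported is the
    # same as before.
    fields = {
        key: form[key]
        for key in (
            'report_id', 'name', 'status', 'severity', 'exploitability',
            'poc', 'description', 'comments', 'references', 'owaspTop10',
            'risk', 'date', 'remediation',
        )
    }

    # Name of a previously stored PoC image, if the form carried one.
    pocImage = form.get('pocImageIDText')

    upload = request.files.get('pocImage')
    if upload is not None and upload.filename != '':
        # NOTE(review): upload.filename is chosen by the client and becomes
        # the stored image name. Confirm Project.addImage normalises it,
        # restricts the content type, and that re-using a name cannot replace
        # an image belonging to another project.
        Project.addImage(upload, upload.filename)
        pocImage = upload.filename

    # NOTE(review): report_id comes from the form and vuln from the query
    # string; no check is visible that the vulnerability belongs to that
    # project or that the caller may modify either. Confirm this is enforced
    # elsewhere.
    vuln_id = request.args.get('vuln')
    exists = vuln_id is not None and Vulnerability.getVulnerability(vuln_id) != False

    if exists:
        vulnerability = Vulnerability(_id=vuln_id, pocImage=pocImage, **fields)
        Vulnerability.editVulnerability(vuln_id, vulnerability)
    else:
        # Also reached when no ``vuln`` parameter was sent: the original
        # silently discarded the submitted form in that case.
        vulnerability = Vulnerability(pocImage=pocImage, **fields)
        Vulnerability.addVulnerability(vulnerability)

    return project_template(projectID=fields['report_id'])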
Ejemplo n.º 4
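def project_template(projectID=None):
    """Render ``project.html`` for one project.

    Args:
        projectID: Project to show. When None, the ``proj`` query parameter
            is used instead.

    Returns:
        The rendered template, given the project, its client logo value and
        its vulnerabilities (the latter two are None when unavailable).
    """
    if projectID is None:
        projectID = request.args.get('proj')
    project = Project.getProject(projectID)

    if projectID is not None:
        vulnerabilities = Vulnerability.getVulnerabilities(projectID)
    else:
        vulnerabilities = None

    # Only index into the project when the lookup succeeded. The original also
    # read the logo inside the projectID branch, which raised whenever an id
    # was supplied but the project did not exist.
    if project != False:
        clientLogo = project['clientLogoID'][0]
    else:
        clientLogo = None

    return render_template(
        'project.html',
        project=project,
        clientLogo=clientLogo,
        vulnerabilities=vulnerabilities,
    )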
Ejemplo n.º 5
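def add_project():
    """Create a project, or update an existing one, from the submitted form.

    All fields are read from ``request.form``; a missing field raises the
    usual Flask bad-request error. When ``projectID`` names an existing
    project it is edited, otherwise a new project is added.

    Returns:
        The project list rendered by ``projects_template``.
    """
    form = request.form
    # Read in the original order so the first missing field reported is the
    # same as before.
    fields = {
        key: form[key]
        for key in (
            'projectName', 'client', 'contact', 'description', 'target',
            'scope', 'startDate', 'endDate', 'author', 'testers',
            'reviewers', 'executiveSummary', 'conclusion',
        )
    }
    clientLogoID = form['clientLogoIDtext']

    upload = request.files.get('clientLogoID')
    if upload is not None and upload.filename != '':
        # NOTE(review): upload.filename is chosen by the client and becomes
        # the stored image name. Confirm Project.addImage normalises it,
        # restricts the content type, and that re-using a name cannot replace
        # another project's logo.
        Project.addImage(upload, upload.filename)
        clientLogoID = upload.filename

    # Form values are strings, so the original ``!= None`` test was always
    # true; a missing key raises before any comparison happens.
    # NOTE(review): no access check is visible in this excerpt; confirm the
    # caller is allowed to edit the project named by projectID.
    projectID = form['projectID']
    if Project.getProject(projectID) != False:
        project = Project(_id=projectID, clientLogoID=clientLogoID, **fields)
        Project.editProject(projectID, project)
    else:
        project = Project(clientLogoID=clientLogoID, **fields)
        Project.addProject(project)

    return projects_template()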
Ejemplo n.º 6
# #Add
# print("testing add")
# Project.addProject(project) #Working
#
# #find
# print("testing find all")
# projects = Project.getProjects() #Working
#
# projects_list = []
# if projects != None:
#     for project in projects:
#         print(project["_id"])
#         projects_list.append(project)
#
#     print("number of projects is :", len(projects_list))
#
# #Delete
# print("testing delete")
# #print(Project.deleteProject(id="caf248905e1b49598c7ddb58c2ea06e4")) #working
#
# #update
# print("testing edit")
# print(Project.editProject(id="c9534e72a12b4227900487640af5af8d", newObj={"client":"NewClientName"}))
#
# #get
# print("testing find one")
# projectx = Project.getProject("fef85927c1804a8ebbfdaa1a2b149002")
# print(projectx)

# Ad-hoc check: print whatever Project.getProjectNumbersOfVulnerabilities()
# returns. The commented-out calls above are earlier manual tests.
print(Project.getProjectNumbersOfVulnerabilities())
Ejemplo n.º 7
                                owaspTop10="hacker",
                                description="hacker",
                                references="www.example.com",
                                risk="",
                                remidiation="")
#add vuln
#Vulnerability.addVulnerability(vulnerability01) #workring
#Vulnerability.addVulnerability(vulnerability02)
#Vulnerability.addVulnerability(vulnerability03)

#find all vuln of report
# Manual check: list every vulnerability stored for one project.
print("testing find all vuln of a project")
vulnerabilities = Vulnerability.getVulnerabilities(
    "baf03af5f64e438a9bad9b161863782b")
project = Project.getProject("baf03af5f64e438a9bad9b161863782b")
print(project["client"])

# Collect the results into a list first, then print one summary line each.
vulnerabilities_list = list(vulnerabilities)
for vuln in vulnerabilities_list:
    print(vuln["name"], vuln["severity"], vuln["_id"], vuln["status"])

# Manual check: fetch a single vulnerability by id and dump it.
print("testing find one vuln")
vuln = Vulnerability.getVulnerability("7c40e40dfc7b4f97a3e3436838759403")
print(vuln)

#edit vuln
print("testing edit")
print(
    Vulnerability.editVulnerability(id="14ce263fde964e7ead2b424bc712dd79",
Ejemplo n.º 8
from src.models.Project import Project
from src.common.Database import Database

# Initialise the Database helper before any model call is made.
Database.initialize()

# Sample project used by the manual checks below.
project = Project(
    author="tester1",
    client="ClientName2",
    contact=11100011,
    testers=["tester1", "tester2"],
    reference="xx123",
    startDate="01-01-2020",
    endDate="02-01-2020",
    description="first project for testing",
    scope=["www.example1.com", "www.example2.com", "127.0.0.1"],
    target="Client Website",
    reviewers=["manager1", "client1", "developer1"],
)

# Add the sample through the model.
# Earlier direct variant: Database.insert(collection="projects", data=project.json())
Project.addProject(project)

# Find: print the id of every stored project while collecting them.
projects = Project.getProjects()

projects_list = []
for project in projects:
    print(project["id"])
    projects_list.append(project)

print("number of projects is :", len(projects_list))
#Delete
#Database.delete_many(collection="projects",query={"client": "ClientName"})
Ejemplo n.º 9
def delete_project():
    """Delete the project named by the ``project_id`` form field.

    Returns:
        The project list rendered by ``projects_template``.
    """
    # NOTE(review): this is a destructive, state-changing request and no
    # authorisation or CSRF check is visible in this excerpt; confirm both
    # are enforced by a decorator or request hook.
    Project.deleteProject(id=request.form["project_id"])
    return projects_template()
Ejemplo n.º 10
def projects_template():
    """Render ``projects.html`` with each project paired with its count.

    Returns:
        The rendered template; ``projects`` is passed as a zip of the project
        list and the per-project vulnerability numbers.
    """
    project_rows = Project.getProjects()
    vuln_counts = Project.getProjectNumbersOfVulnerabilities()
    # zip pairs entries by position and stops at the shorter input.
    # NOTE(review): assumes both model calls return the same projects in the
    # same order; confirm.
    paired = zip(project_rows, vuln_counts)
    return render_template('projects.html', projects=paired)
Ejemplo n.º 11
def getImage(filename):
    """Return the stored image for ``filename``.

    The literal string ``"None"`` means "no image" and yields an empty string
    without touching the model.
    """
    # NOTE(review): filename is passed to the model unchanged. If this is
    # reachable with a caller-supplied name, confirm that callers may only
    # fetch images belonging to projects they are allowed to see.
    if filename != "None":
        return Project.getImage(filename=filename)
    return ""